Windows Analysis Report
SecuriteInfo.com.Heur.21832.3236.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Heur.21832.3236.exe
Analysis ID:	1428295
MD5:	df0daae26fb3f58a6b9ce4d144a81b48
SHA1:	38e41ab0e2712f7762c6d8b56892362cbb1b6744
SHA256:	ee9c745ec13fb4389968431701fecabaa3fd85f607e694e0d8747703a60fe0dc
Tags:	exe
Infos:

Detection

Score:	5
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Compliance

Score:	34
Range:	0 - 100

Signatures

Binary contains a suspicious time stamp

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

EXE planting / hijacking vulnerabilities found

Enables security privileges

Found dropped PE file which has not been started or loaded

Installs a raw input device (often for capturing keystrokes)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Jump to behavior

Uses 32bit PE files

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSE.electron.txt

Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000780B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdbj source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libGLESv2.dll.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp

Spreading

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004059CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004065FD FindFirstFileW,FindClose,	0_2_004065FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\locales	Jump to behavior

Networking

Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: a--optimize-for-size--noharmony-shipping--harmony--wasm-staging--future--no-future--liftoff--no-liftoff--wasm-lazy-compilation--no-wasm-lazy-compilation--experimental-wasm-simd--no-experimental-wasm-simd--harmony-import-assertions--harmony-atomics--no-harmony-sharedarraybuffer--wasm-tier-up--no-wasm-tier-up--no-wasm-trap-handler--no-untrusted-code-mitigationsV8.MemoryHeapUsedV8.MemoryHeapCommitted.gmail.docs.plus.inboxcalendar.google.com.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comqq.comtwitter.comtaobao.comlive.com equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000006FE5000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s:80../../services/network/public/cpp/network_connection_tracker.ccOnNetworkChangedOnGetConn
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007075000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF774D3C000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://.css
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007075000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF774D3C000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://.jpg
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://2x.io
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://allyoucanleet.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1085
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452expand_integer_pow_expressionsThe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1512
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1637
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1936
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2046
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152skip_vs_constant_register_zeroIn
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2273
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2514
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2727
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2978
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3016
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3027
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3045
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3153
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3243
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246allow_clear_for_robust_resource_initSome
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3529
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682GL_USES_FRAG_COLORGL_USES_FRAG_DATA_SECONDARY_COLORGL_USES_SECONDARGL_USES_F
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3729
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3859
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3997
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4214
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4267
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4339
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4646
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/482
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4995
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5469
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://api.www.myobfuscate.com/?getsrc=ok
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-w
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://bugs.jquery.com/ticket/12385.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://casper.beckman.uiuc.edu/~c-tsai4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cgit.freedesktop.org/xorg/xserver/tree/COPYING
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://chasen.aist-nara.ac.jp/chasen/distribution.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ci.testling.com/substack/node-concat-map)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ci.testling.com/substack/node-concat-map.png)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cldr.unicode.org/index/downloads
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/lao-dictionary/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/smhasher/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/v8
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/v8/issues/detail?id=1858).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1094869
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/110263
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1144207
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1171371
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/308366
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/403957
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/565179
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/619103.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/619103.Subsequence
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642227
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642605
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/644669
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/650547
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/672380
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/709351
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/772651
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/797243
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/809422
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/830046
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/849576
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/883276
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/927470
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620allow_translate_uniform_block_to_structured_bufferThere
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://creativecommons.org/licenses/MIT/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://daniel.zelisko.net
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dev.w3.org/csswg/css-color/#hwb-to-rgb
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://devel.freebsoft.org/speechd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://developers.google.com/speed/webp
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dom.spec.whatwg.org/#dom-domimplementation-hasfeature
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dom.spec.whatwg.org/#dom-node-comparedocumentposition
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dominictarr.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-patterns).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-tolength).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://encoding.spec.whatwg.org/#big5-encoder
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://esprima.org)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/commonnode-set../../third_party/blink/renderer/core/xml/xslt_extensions.ccxsltNewSe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://facebook.github.io/react/)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://facebook.github.io/react/docs/error-decoder.html?invariant=
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fb.me/prop-types-in-prod
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fb.me/use-check-prop-types
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fedorahosted.org/lohit>
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://feedic.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://feross.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ghinda.net/jpeg-blob-ajax-android/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/Raynos/to-array/raw/master/LICENSE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/danielzzz/node-ping
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/dominictarr/config-chain
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/gperftools/gperftools
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/kriskowal/mr)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/sctplab/usrsctp
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://goo.gl/0ejHHW
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://google.github.io/snappy/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://hertzen.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007075000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF774D3C000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxon
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icu-project.org/docs/papers/gb18030.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://img.shields.io/npm/dm/socket.io-client.svg?style=flat)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://isrc.ifpi.org/en/isrc-standard/code-syntax
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/173636783
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/1-vs-infinity
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/copy-array-inline
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/emptying-a-node
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/hashing-strings
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/key-exists
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/key-missing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/obj-vs-arr-iteration
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/uncurrythis
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://juliangruber.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcode>
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://llvm.org/):
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://marijnhaverbeke.nl/git/acorn
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://me.abelcheung.org/articles/research/what-is-cp951/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://modernizr.com/docs/#prefixed)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://moztw.org/docs/big5/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsURLParsers.cpp
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://n8.io/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://npmjs.org)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000000.1732463402.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000040A000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.org/licenses/bsd-license.php
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://promises-aplus.github.com/promises-spec/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schema.org/docs/gs.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFL
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://slack.socket.io)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://slack.socket.io/badge.svg?)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/compatibility)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.icu-project.org/repos/icu/data/trunk/charset/data/xml/gb-18030-2000.xml
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/16459606/376773
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/398120/376773
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/5982798/376773
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/9808332/192024).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://substack.net
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tanyabrassie.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://travis-ci.org/substack/node-concat-map)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://trevp.net/tlslite/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tukaani.org/xz/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://underscorejs.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://underscorejs.org/LICENSE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://valgrind.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://webkit.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wiki.ecmascript.org/doku.php?id=conventions:safe_meta_programming
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wiki.ecmascript.org/doku.php?id=strawman:concurrency
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wiki.ecmascript.org/doku.php?id=strawman:concurrency&rev=1308776521#allfulfilled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wpad/wpad.dat
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wpad/wpad.dat../../net/proxy_resolution/pac_file_decider.ccDoWaitDoQuickCheck../../net/proxy_
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wpad/wpad.dat../../net/proxy_resolution/win/proxy_config_service_win.cc~ProxyConfigServiceWin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.andismith.com/blog/2012/02/modernizr-prefixed/)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.chromium.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.color.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.color.orgRegistryNameCustomOutputConditionIdentifiersRGB
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dabeaz.com/ply/ply-3.11.tar.gz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/5.1/#sec-7.9.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/6.0/#sec-array-exotic-objects
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/6.0/#sec-toint32
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.haible.de/bruno/charsets/conversion-tables/Big5.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01http://www.webrtc.org/exper
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jclark.com/xt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.localeplanet.com/java/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.nonblocking.io/2011/06/windownexttick.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.nongnu.org/freebangfont/downloads.html#mukti
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/en/business/tech_promotion/ccli/terms/doc/2003cmp_2008.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/bsd-license.php
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/mit-license.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ploscompbiol.org/static/license
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.polymer-project.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.pylint.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/blog/archives/2008/04/delegating_the.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/blog/archives/2010/09/click_event_del.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/dom/events/scroll.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/dom/events/tests/scroll.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/js/events_properties.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.strongtalk.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.thespanner.co.uk/2007/11/26/ultimate-xss-css-injection/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP950.TXT
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1841978948.0000000005CB0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.webmproject.org/code/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.webrtc.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-timeurn:3gpp:video-orientationhttp://www.we
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-timehttp://www.ietf.org/id/draft-holmer-rmcat-
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-space
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cn
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02http://www.webrtc.org/experiments/r
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-frame-tracking-id
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-layers-allocation00
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-timing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/parsing.html#preprocessing-the-input-str
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-input-element.html#input-type-attr-s
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/tokenization.html#appropriate-end-tag-to
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/tokenization.html#tokenizing-character-r
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/tree-construction.html#adoptionAgency)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www8.plala.or.jp/tkubota1/unicode-symbols-map2.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxsl:key
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://zlib.net/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://android.com/pay
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://android.googlesource.com/platform/external/setupdesign/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4674
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4849
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5140
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/add/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/addBack/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/addClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/after/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/append/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/appendTo/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/before/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/children/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/clone/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/closest/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/contents/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/each/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/empty/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/end/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/eq/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/find/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/first/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/has/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/hasClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/index/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/insertAfter/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/insertBefore/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/is/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/jQuery.contains/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/jQuery.merge/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/last/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/map/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/next/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/nextAll/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/nextUntil/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/not/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/parent/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/parents/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/parentsUntil/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prepend/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prependTo/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prev/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prevAll/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prevUntil/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/remove/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/removeAttr/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/removeClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/replaceWith/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/serialize/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/serializeArray/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/siblings/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/slice/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/toggleClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/unwrap/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/wrap/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/wrapAll/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/wrapInner/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://badge.fury.io/js/socket.io-client.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beautifier.io/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)ScriptProcessorHandler::ProcessScriptProcessorHandler::Process
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/gutworth/six/commits/tag/1.10.0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlaudio
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blogs.office.com/2013/04/17/outlook-com-gets-two-step-verification-sign-in-by-alias-and-new-
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=608416
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10704
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3056
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=4118
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/13393
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/4833
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1276240
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=162431
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=208427
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=310299
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.android.clients.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.bigcache.googleapis.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.doc-0-0-sj.sj.googleusercontent.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.docs.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.drive.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.googlesyndication.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.pack.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.play.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.youtube.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cheerio.js.org#loading
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cheerio.js.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorehttps://clients2.google.com/service/update2/crx/detail/sb-ssl.goog
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromestatus.com/feature/4735925877735424
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromestatus.com/feature/5436853517811712
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=355103
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/sctp-refimpl/source/browse/trunk/COPYRIGHT)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1042393
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1046462
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1053756
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1053756ICE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1091824
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1137851
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1144908
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1144908.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1144908.The
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1144908Changing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1154140
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024select_view_in_geometry_shaderThe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547call_clear_twiceUsing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534use_system_memory_for_constant_buffersCopying
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/705865
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/710443
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/811661
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/824383
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/824647
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/882238.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/927119
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/927119../../third_party/blink/renderer/core/script/script_loader.ccPrepareScriptEx
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/954323
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/981419
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by-sa/4.0/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://david-dm.org/socketio/socket.io-client#info=devDependencies)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://david-dm.org/socketio/socket.io-client)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://david-dm.org/socketio/socket.io-client.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://david-dm.org/socketio/socket.io-client/dev-status.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dawn.googlesource.com/tint
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dejavu-fonts.github.io/Download.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.chrome.com/blog/enabling-shared-array-buffer/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/assign)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/JavaScript/Reference/Global_Objects/String/fromCharCode#Get
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/AnimationEvent
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent#Key_names
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/Node/innerText
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/Node/textContent
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/TransitionEvent
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/At-rule
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTML/Block-level_elements
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/isindex
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTML/Inline_elements
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#Escaping
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map#Key_equality)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/android/guides/setup
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2016/08/removing-document-write
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2016/08/removing-document-writeDocument.writewritelnDocume
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2019/07/web-components-time-to-upgrade
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://discord.gg/electron
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/library/functions.html#range).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://electronjs.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://eslint.org/docs/rules/no-buffer-constructor)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.com/immutable-js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.count
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.foreach
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.map
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.only
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.toarray
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.cloneelement
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createclass
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createelement
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createfactory
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.isvalidelement
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#reactdom.finddomnode
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#reactdom.render
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#reactdom.unmountcomponentatnode
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-controlled-components
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-devtools
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-event-pooling
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-invariant-dangerously-set-inner-html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-legacyfactory
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-minification
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-refs-must-have-owner).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-special-props)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-spread-deprecation
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-unknown-prop%s
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-warning-dont-call-proptypes
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-warning-keys
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-warning-polyfills
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gcp.gvt2.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gcp.gvt6.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/1782808).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/engine.io-client/pull/217
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/has-binary/pull/4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/socket.io-client#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/socket.io-client.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/socket.io-parser#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/socket.io-parser.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ChALkeR
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ChALkeR/safer-buffer#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ChALkeR/safer-buffer.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Cyan4973/xxHash
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/FB55/domelementtype#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/FB55/domutils#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GoogleChromeLabs/pywebsocket3/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Cross
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/MarshallOfSound/react-electron-web-view
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/MarshallOfSound/react-electron-web-view.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Microsoft/tslib.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Modernizr/Modernizr/blob/master/feature-detects/cors.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/NobleJS/setImmediate
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/NobleJS/setImmediate))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Qix-/color-convert#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Qix-/color-convert.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Qix-/color-convert/blob/3f0e0d4e92e235796ccb17f6e85c72094a651f49/conversions.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Raynos/after#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Raynos/to-array
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/STRML/async-limiter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/gh-pages/implementation-status.md
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/gh-pages/implementation-status.mdBluetoothEithe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/aawc/unrar.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/amdjs/amdjs-api/wiki/AMD#defineamd-property-
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/antirez/linenoise
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ariya/phantomjs/issues/11395
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Javascript-source-file-encodings
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Node-v4-compatibility
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/benjamingr/RegExp.escape/blob/main/polyfill.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/master/index.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-styles#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-styles.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-styles?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/chalk#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/chalk.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/chalk/pull/92
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/chalk?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cheeriojs/cheerio-select#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cheeriojs/cheerio?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cheeriojs/dom-renderer#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cheeriojs/dom-serializer?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chriso/validator.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chriso/validator.js.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/colorjs/color-name
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/bind#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/bind.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/emitter#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/emitter.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/has-cors#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/inherit#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/inherit.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/27165d2))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/2a7b25c))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/3e88e81))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/518747d))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/91aa21e))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/f9be9b3))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/0.1.5...0.1.6)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/0.1.6...0.1.7)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/0.1.7...1.0.0)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/1.0.0...1.0.1)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/1.0.1...1.0.2)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/1.0.2...1.0.3)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/issues/3))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/issues/4))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/issues/6))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/issues/7))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dominictarr/config-chain.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dpranke/pyjson5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dustingetz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/editorconfig/editorconfig-core-js#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/issues
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.Loading
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.Module
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/tree/v$
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/flow/blob/master/lib/core.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/immutable-js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/jest#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/jest.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react-native/pull/1632
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/1698
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/3236).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/6887
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/708.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/7233
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/7240
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/pull/6896
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/pull/7101
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/pull/7178
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/pull/7232
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/DomHandler#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/boolbase
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/boolbase)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/boolbase.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/css-select#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/css-select/pull/43#issuecomment-225414692
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/css-what#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/css-what.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domelementtype#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domhandler#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domhandler?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domutils#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domutils?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/entities#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/entities?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/htmlparser2#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/htmlparser2?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/nth-check
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/nth-check.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/nth-check?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/get/parseuri
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/get/parseuri.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/get/querystring
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/get/querystring.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/gimdongwoo)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/repairES5.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/startSES.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/desugar_jdk_libs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/private-join-and-compute
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/protobuf
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/re2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ruy
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/securemessage
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/shaderc
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/shell-encryption
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ukey2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/woff2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/wuffs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/gotwarlost/istanbul/blob/master/ignoring-code-for-coverage.md#ignoring-code-for-c
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5/issues/97#issuecomment-171940774)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5/tree/master/scripts/generate-named-entity-data/README.md)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5/tree/master/scripts/generate_named_entity_data/README.md
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5/tree/master/scripts/generate_named_entity_data/README.md)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/abbrev-js#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/fs.realpath#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/fs.realpath.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/inflight
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/inherits#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/ini#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/minimatch#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-glob#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-glob/issues/167
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-glob/issues/205
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-lru-cache#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/once#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/proto-list#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/proto-list.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/pseudomap#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/pseudomap.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/sigmund#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/yallist#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/yallist.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyeecheung/node-dep-codemod#dep005)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/blob/2.1.3/src/manipulation/var/rcheckableType.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/blob/2.1.3/src/serialize.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/blob/3.6.0/AUTHORS.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L139
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L152
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jsdevkr/react-chatview#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jsdevkr/react-chatview.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/balanced-match
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/brace-expansion
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/isarray
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kriskowal
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kriskowal/q
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kriskowal/q/blob/v1/LICENSE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kriskowal/q/wiki/API-Reference
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/leebyron
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lodash/lodash
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lodash/lodash.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/marijnh/acorn.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mathiasbynens/he/blob/master/src/he.js#L94-L119
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mishoo/UglifyJS2/blob/v2.4.20/lib/parse.js#L216
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mjwwit/node-XMLHttpRequest#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mokesmokes/backo#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mokesmokes/backo.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/niklasvh/base64-arraybuffer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/niklasvh/base64-arraybuffer.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/niklasvh/base64-arraybuffer/blob/master/LICENSE-MIT
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/Release#release-schedule)).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/b3fcc245fb25539909ef1d5eaa01dbf92e168633/lib/path.js#L56
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/32020
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/8871#issuecomment-250915913
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/9006
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/inflight.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-semver#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-semver.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/nopt#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/nopt.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/wrappy
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/wrappy.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/promises-aplus/promises-tests
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/protocolbuffers/protobuf/blob/master/java/lite.md
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/rase-/arraybuffer.slice
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/simplejson/simplejson
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/has-flag#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/has-flag.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/path-is-absolute#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/path-is-absolute.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/slevithan/xregexp/blob/95eeebeb8fac8754d54eafe2b4743661ac1cf028/src/xregexp.js#L7
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/engine.io-client
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/engine.io-client.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/engine.io-parser
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/socket.io-client/actions)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/socket.io-client/workflows/CI/badge.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spicyj/innerhtml-vs-createelement-vs-clonenode.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/fb55
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/isaacs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stiang/remove-markdown
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stiang/remove-markdown.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/substack/node-concat-map#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tensorflow
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/text.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tflite-support
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tj/commander.js#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tj/commander.js.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/unshiftio/yeast
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/unshiftio/yeast.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/v8/v8/blob/d6ead37d265d7215cf9c5f768f279e21bd170212/src/js/prologue.js#L152-L156
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/visionmedia/debug#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/112
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000006FA1000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-trusted-types/wiki/Trusted-Types-for-function-constructor
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/web-animations/web-animations-js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/webmodules/blob
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws/issues/1202
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws/issues/1869.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/whatwg/html/issues/2369
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/whatwg/html/pull/907/files#r73505877
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/xiph/rnnoise
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/yujiosaka/socke.io-ie8-loading-example
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zeit/ms#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zeit/ms.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zulhilmizainuddin/nodejs-traceroute#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zulhilmizainuddin/nodejs-traceroute.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/wayland/weston
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/4NeimX
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLu
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuThe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuWebAudio.AutoplayWebAudio.Autoplay.CrossOriginWebAudio.Autoplay.UnlockType../..
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/EuHzyv
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/HxfxSQ
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/J6ASzs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/LdLk22
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/LdLk22Empty
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/LdLk22Failed
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C9A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/Y0ZkNV).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/rStTGz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/xX8pDD
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/xX8pDDplay()
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/ximf56
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/ximf56Iframe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google-analytics.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://google.com/pay
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://google.com/payhttps://android.com/paysecure-payment-confirmationAppStoreBillingPlaceHolderZZ
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://googlevideo.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gvt1.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gvt2.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gvt6.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/#nonce-attributes
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/#read-text
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/comms.html#the-websocket-interface
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/form-elements.html#concept-option-selectedness
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/microdata.html#microdata-dom-api
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/parsing.html#parsing-main-inforeign
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#disabled-elements
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/semantics-other.html#case-sensitivity-of-selectors
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/semantics.html#the-html-element
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#generate-implied-end-tags
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#has-an-element-in-button-scope
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#has-an-element-in-scope
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#html-integration-point
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inbody
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-incaption
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-incolgroup
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inhead
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inselect
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intable
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intbody
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intr
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#special
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#tag-name-state
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#tag-open-state
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.org/license
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://js.foundation/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsoneditoronline.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsperf.com/object-keys-vs-for-in-with-closure/3
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/icon.svg
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/license
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-unicode).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Structured_clone_algorithm)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mths.be/punycode
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mths.be/utf8js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://no-color.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/stream.html#stream_decoding_buffers_in_a_writable_stream
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.16.0/node-v14.16.0-headers.tar.gz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.16.0/node-v14.16.0.tar.gz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.16.0/node-v14.16.0.tar.gzhttps://nodejs.org/download/release
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.16.0/win-x64/node.lib
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/en/docs/inspector
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://npmjs.org/package/iniparser
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://npmjs.org/package/minimatch
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://openjsf.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pagure.io/lohit
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-tolength
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://play.google.com/billing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://play.google.com/billingQuota
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ponyfill.com/)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-48
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-54
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-57
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-59
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-61
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-64
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-75
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://quiche.googlesource.com/quiche
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/dominictarr/config-chain/master/LICENCE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://reactjs.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://secure.travis-ci.org/substack/node-concat-map.png)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://semver.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sindresorhus.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sizzlejs.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://skia.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourceforge.net/project/?group_id=1519
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2045
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2046
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2152
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2822#appendix-A.1.2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3339#section-5.6
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc4007#section-11
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5280#section-4.2.1.13
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5280#section-5.2.7.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-9.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6657).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6960
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-3.1.1.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-3.1.1.5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://underscorejs.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/manifest/#installability-signals
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/manifest/#installability-signalsVideoFrameProviderClientImpl::StartRenderingVi
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webrtc.org/web-apis/chrome/unified-plan/.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wiki.ecmascript.org/doku.php?id=harmony:egal).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/characteristics
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/descriptors
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/services
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/4664843055398912
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5082396709879808
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5082396709879808BeforeUnloadNoGestureBlocked
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5138066234671104
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5629582019395584.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5636954674692096
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.NavigatorVibrate../../third_party/blink/render
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5654791610957824
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.Blocked
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5687444770914304
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5714245488476160
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5718547946799104
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5735596811091968
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648DeprecationReportBody
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952blinkAddEventListenerAdded
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608Added
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/6451284559265792
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/%s
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5093566007214080
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/50935660072140800
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5144752345317376
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5637885046816768.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5654810086866944
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5851021045661696.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5851021045661696.The
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/6107495151960064
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/6662647093133312
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/6680566019653632
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.The
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.cl.cam.ac.uk/%7Emgk25/ucs/utf8_check.c
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.computerhope.com/jargon/h/html-basefont-tag.htm
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.iana.org/assignments/media-types/media-types.xhtml)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/buffer-alloc)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/buffer-from)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/safe-buffer)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/safer-buffer)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/socket.io-client)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.typescriptlang.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/copyright.html.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.zentao.net/0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/.

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00405461

Installs a raw input device (often for capturing keystrokes)

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971322469.00000000066A0000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_b2c9f445-0

System Summary

Contains functionality to call native functions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Code function: 0_2_030910D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,

0_2_030910D0

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_0040338F

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_00406B15	0_2_00406B15
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004072EC	0_2_004072EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_00404C9E	0_2_00404C9E

Enables security privileges

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Process token adjusted: Security

Jump to behavior

PE file contains more sections than normal

Source: updater.win64.exe.0.dr	Static PE information: Number of sections : 11 > 10
Source: zentaoclient.exe.0.dr	Static PE information: Number of sections : 12 > 10

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs SecuriteInfo.com.Heur.21832.3236.exe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs SecuriteInfo.com.Heur.21832.3236.exe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilename: vs SecuriteInfo.com.Heur.21832.3236.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: clean5.winEXE@12/188@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_0040338F

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404722

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Code function: 0_2_00402104 CoCreateInstance,

0_2_00402104

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\AtomProcessSingletonStartup!
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Mutant created: \Sessions\1\BaseNamedObjects\f3057352-10e3-53a8-8e7d-c7f226474698

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Local\Temp\nsk192.tmp

Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe "C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe"
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msspellcheckingfacility.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msmpeg2vdec.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mfperfhelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dxva2.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msvproc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ddraw.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mfh264enc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windows.media.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: twinapi.appcore.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: ??.lnk.0.dr	LNK file: ..\..\..\..\..\Local\Programs\zentaoclient\zentaoclient.exe
Source: ??.lnk0.0.dr	LNK file: ..\AppData\Local\Programs\zentaoclient\zentaoclient.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Automated click: Next >
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698

Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static file information: File size 86971128 > 1048576

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000780B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdbj source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libGLESv2.dll.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: d3dcompiler_47.dll.0.dr

Static PE information: 0xF3329C94 [Sat Apr 18 07:26:12 2099 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_030910D0

PE file contains sections with non-standard names

Source: ffmpeg.dll.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: _RDATA
Source: updater.win64.exe.0.dr	Static PE information: section name: /4
Source: updater.win64.exe.0.dr	Static PE information: section name: /18
Source: updater.win64.exe.0.dr	Static PE information: section name: /30
Source: updater.win64.exe.0.dr	Static PE information: section name: /43
Source: updater.win64.exe.0.dr	Static PE information: section name: /59
Source: updater.win64.exe.0.dr	Static PE information: section name: /75
Source: updater.win64.exe.0.dr	Static PE information: section name: /90
Source: updater.win64.exe.0.dr	Static PE information: section name: .symtab
Source: qgenericbearer.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvgicon.dll.0.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.0.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.0.dr	Static PE information: section name: .qtmetad
Source: qico.dll.0.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwbmp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr	Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: opengl32sw.dll.0.dr	Static PE information: section name: _RDATA
Source: qwindows.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr	Static PE information: section name: .qtmetad
Source: libEGL.dll1.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll1.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll1.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll1.0.dr	Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: _RDATA
Source: zentaoclient.exe.0.dr	Static PE information: section name: .00cfg
Source: zentaoclient.exe.0.dr	Static PE information: section name: .retplne
Source: zentaoclient.exe.0.dr	Static PE information: section name: .rodata
Source: zentaoclient.exe.0.dr	Static PE information: section name: CPADinfo
Source: zentaoclient.exe.0.dr	Static PE information: section name: _RDATA

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\D3Dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\UAC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\WinShell.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer\qgenericbearer.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSE.electron.txt

Jump to behavior

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??.lnk

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\UAC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\WinShell.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer\qgenericbearer.dll	Jump to dropped file

Queries keyboard layouts

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File Volume queried: C:\Users\user\AppData\Local\Programs FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File Volume queried: C:\Users\user\AppData\Local\Programs FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File Volume queried: C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\js FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File Volume queried: C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\wasm FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File Volume queried: C:\Users\user\AppData\Roaming\zentaoclient\blob_storage\ad052674-6a2b-49a8-9bb3-be27f31603c8 FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004059CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004065FD FindFirstFileW,FindClose,	0_2_004065FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\locales	Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: invalid PARAM usage_mesa_symbol_table_push_scope_mesa_symbol_table_add_symbol_mesa_symbol_table_add_global_symbolARB_position_invariantARB_fog_expexp2linearprecision_hint_nicestfastestdraw_buffersfragment_program_shadowfragment_coord_origin_upper_leftpixel_center_integerATI_fatal flex scanner internal error--no action foundfatal flex scanner internal error--end of buffer missedfatal error - scanner input buffer overflowinput in flex scanner failedout of dynamic memory in yy_get_next_buffer()flex scanner push-back overflowout of dynamic memory in _mesa_program_lexer__create_buffer()out of dynamic memory in _mesa_program_lexer_ensure_buffer_stack()out of dynamic memory in _mesa_program_lexer__scan_buffer()out of dynamic memory in _mesa_program_lexer__scan_bytes()bad buffer in _mesa_program_lexer__scan_bytes()_mesa_program_lexer_set_lineno called with no buffer_mesa_program_lexer_set_column called with no bufferSOFTPIPE_USE_LLVMVMware, Inc.softpipeUnexpected PIPE_CAP %d query
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware Virtual Webcam
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMnet
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@L
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: LLVMX86_FP80TypeKind
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Net.RedirectChainLengthurl_chainload_state_paramdelegate_blocked_byhas_uploadis_pendingDelegateNet.URLRequest.ReferrerPolicyForRequest.SameOriginNet.URLRequest.ReferrerHasInformativePath.SameOriginNet.URLRequest.ReferrerPolicyForRequest.CrossOriginNet.URLRequest.ReferrerHasInformativePath.CrossOriginURLRequestContextnet/url_request_context/%s/0x%llx../../net/url_request/url_request_job.ccOnDonenum_failuresrelease_after_msThrottling.RequestThrottled%08x: %02x ../../net/base/network_interfaces_win.ccWlanApiwlanapi.dllWlanQueryInterfaceWlanSetInterfaceVMnetGetAdaptersAddresses failed: ../../net/cert/x509_util_win.ccerror parsing intermediate
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: (IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: eb1a:2860eb1a:28201ce6:282012ab:03801943:22530c45:64d00c45:64d21bcf:298504ca:704704ca:704804f2:b3ed04f2:b3ca05c8:035d05c8:036904ca:709513d3:52570bda:57f2VMware Virtual WebcamMedia.VideoCapture.BlacklistedDeviceGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCam../../media/capture/video/video_capture_metrics.ccDevice supports Media.VideoCapture.Device.SupportedPixelFormatMedia.VideoCapture.Device.SupportedResolution
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: t1t0t3t2dst1dst0dst3dst2LLVMFloatTypeKindLLVMVoidTypeKindLLVMX86_FP80TypeKindLLVMDoubleTypeKindLLVMPPC_FP128TypeKindLLVMFP128TypeKindLLVMIntegerTypeKindLLVMLabelTypeKindLLVMStructTypeKindLLVMFunctionTypeKindLLVMPointerTypeKindLLVMArrayTypeKindLLVMMetadataTypeKindLLVMVectorTypeKindVector [%u] of %u-bit Integer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Adreno (TM) 418Adreno (TM) 530Adreno (TM) 540GL_EXT_texture_lod_biasARB_draw_buffersGL_ARB_texture_swizzleGL_EXT_texture_swizzleGL_ARB_pixel_buffer_objectGL_EXT_pixel_buffer_objectGL_EXT_draw_buffers2GL_ARB_fragment_shaderGL_NV_texture_border_clampGL_ARB_robust_buffer_access_behaviorGL_EXT_framebuffer_sRGBGL_ARB_framebuffer_sRGBfunctions->standard == STANDARD_GL_DESKTOP && isAMDfunctions->standard == STANDARD_GL_DESKTOP && isIntelisIntel && !IsSandyBridge(device) && !IsIvyBridge(device) && !IsHaswell(device)IsApple() && isIntelisIntel && IsApple() && IsSkylake(device) && GetMacOSVersion() < OSVersion(10, 13, 2)functions->standard == STANDARD_GL_DESKTOP && (isIntel \|\| isAMD)IsLinux() && functions->standard == STANDARD_GL_DESKTOP && isAMD(IsApple() && functions->standard == STANDARD_GL_DESKTOP) \|\| (IsLinux() && isAMD)IsApple() && functions->standard == STANDARD_GL_DESKTOP && GetMacOSVersion() < OSVersion(10, 11, 0)IsApple() && isIntel && GetMacOSVersion() < OSVersion(10, 12, 0)IsApple() && isAMDIsAndroid() && isQualcommfunctions->standard == STANDARD_GL_DESKTOP && isNvidiaIsApple() \|\| isNvidiafunctions->isAtMostGL(gl::Version(4, 1)) \|\| (functions->standard == STANDARD_GL_DESKTOP && isAMD)isAMD \|\| IsAndroid()IsAndroid() \|\| isNvidia(IsAndroid() && isQualcomm) \|\| (isIntel && IsApple())isAMD \|\| isIntelIsNexus5X(vendor, device)IsAndroid() \|\| (IsWindows() && isIntel)(IsWindows() && (isIntel \|\| isAMD)) \|\| (IsLinux() && isNvidia) \|\| IsIOS() \|\| IsAndroidEmulator(functions)IsAndroid() \|\| limitMaxTextureSizeIsAndroid() \|\| (IsApple() && (isIntel \|\| isAMD \|\| isNvidia))limitMaxTextureSizeIsApple()IsAndroid() \|\| isAMD \|\| !functions->hasExtension("GL_KHR_robust_buffer_access_behavior")IsApple() && isIntel && GetMacOSVersion() >= OSVersion(10, 12, 4)IsApple() && isIntel && GetMacOSVersion() < OSVersion(10, 12, 6)IsLinux() \|\| (IsAndroid() && isNvidia) \|\| (IsWindows() && isNvidia) \|\| (IsApple() && functions->standard == STANDARD_GL_ES)IsApple() \|\| (IsLinux() && isAMD)IsApple() \|\| (IsWindows() && isAMD)functions->standard == STANDARD_GL_DESKTOP && functions->isAtLeastGL(gl::Version(3, 1)) && !functions->isAtLeastGL(gl::Version(4, 3))features->emulatePrimitiveRestartFixedIndex.enabled && IsApple() && isIntelIsApple() \|\| IsAndroid() \|\| IsWindows()functions->standard == STANDARD_GL_ES && functions->isAtLeastGLES(gl::Version(3, 1)) && functions->hasGLESExtension("GL_EXT_texture_norm16")IsWindows() && isAMDIsLinux() && isAMD && isMesa && mesaVersion < (std::array<int, 3>{19, 3, 5})(IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))IsApple() && functions->standard == STANDARD_GL_ES && !(isAMD && IsWindows())isDualGPUMacWithNVIDIAisTSANBuild && IsLinux() && isNvidiaIsApple() && (isAMD \|\| isIntel \|\| isNvidia)IsLinux() && IsWayland()!CanMapBufferForRead(functions)IsApple() && hasAMDIsAdreno42xOr3xx(func

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_030910D0

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --gpu-preferences=saaaaaaaaadgaaawaaaaaaaaaaaaaaaaaabgaaaaaaaoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab4aaaaaaaaahgaaaaaaaaakaaaaaqaaaagaaaaaaaaacgaaaaaaaaamaaaaaaaaaa4aaaaaaaaabaaaaaaaaaaaaaaaauaaaaqaaaaaaaaaaaaaaagaaaaeaaaaaaaaaabaaaabqaaabaaaaaaaaaaaqaaaayaaaaiaaaaaaaaaagaaaaaaaaa --mojo-platform-channel-handle=1612 /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.networkservice --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --lang=en-gb --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --lang=en-gb --app-path="c:\users\user\appdata\local\programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --disable-gpu-compositing --lang=en-gb --app-user-model-id=com.cnezsoft.zentaoclient --app-path="c:\users\user\appdata\local\programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --gpu-preferences=saaaaaaaaadgaaawaaaaaaaaaaaaaaaaaabgaaaaaaaoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab4aaaaaaaaahgaaaaaaaaakaaaaaqaaaagaaaaaaaaacgaaaaaaaaamaaaaaaaaaa4aaaaaaaaabaaaaaaaaaaaaaaaauaaaaqaaaaaaaaaaaaaaagaaaaeaaaaaaaaaabaaaabqaaabaaaaaaaaaaaqaaaayaaaaiaaaaaaaaaagaaaaaaaaa --mojo-platform-channel-handle=1612 /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.networkservice --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --lang=en-gb --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --lang=en-gb --app-path="c:\users\user\appdata\local\programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --disable-gpu-compositing --lang=en-gb --app-user-model-id=com.cnezsoft.zentaoclient --app-path="c:\users\user\appdata\local\programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1	Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: ../../third_party/webrtc/modules/desktop_capture/win/window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progmanffff:%hx%n%4hx%n../../third_party/webrtc/modules/desktop_capture/win/dxgi_frame.ccDxgiFrame cannot create a new DesktopFrame.../../third_party/webrtc/modules/desktop_capture/win/dxgi_adapter_duplicator.ccIDXGIAdapter::EnumOutputs returned NOT_CURRENTLY_AVAILABLE. This may happen when running in session 0.IDXGIAdapter::EnumOutputs returned an unexpected result: Failed to convert IDXGIOutput to IDXGIOutput1, this usually means the system does not support DirectX 11Failed to initialize DxgiOutputDuplicator on output AttachedDetached output ) - () is ignored.Failed to get output description of device , ignore.Cannot initialize any DxgiOutputDuplicator instance.

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Users VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\en.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\extensions.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_0040338F

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Jump to behavior

Uses 32bit PE files

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSE.electron.txt

Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000780B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdbj source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libGLESv2.dll.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp

Spreading

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004059CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004065FD FindFirstFileW,FindClose,	0_2_004065FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\locales	Jump to behavior

Networking

Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: a--optimize-for-size--noharmony-shipping--harmony--wasm-staging--future--no-future--liftoff--no-liftoff--wasm-lazy-compilation--no-wasm-lazy-compilation--experimental-wasm-simd--no-experimental-wasm-simd--harmony-import-assertions--harmony-atomics--no-harmony-sharedarraybuffer--wasm-tier-up--no-wasm-tier-up--no-wasm-trap-handler--no-untrusted-code-mitigationsV8.MemoryHeapUsedV8.MemoryHeapCommitted.gmail.docs.plus.inboxcalendar.google.com.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comqq.comtwitter.comtaobao.comlive.com equals www.youtube.com (Youtube)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000006FE5000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://%s:80../../services/network/public/cpp/network_connection_tracker.ccOnNetworkChangedOnGetConn
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007075000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF774D3C000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://.css
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007075000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF774D3C000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://.jpg
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://2x.io
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://allyoucanleet.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1085
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452expand_integer_pow_expressionsThe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1512
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1637
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1936
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2046
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152skip_vs_constant_register_zeroIn
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2273
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2514
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2727
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2978
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3016
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3027
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3045
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3153
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3243
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246allow_clear_for_robust_resource_initSome
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3529
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682GL_USES_FRAG_COLORGL_USES_FRAG_DATA_SECONDARY_COLORGL_USES_SECONDARGL_USES_F
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3729
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3859
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3997
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4214
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4267
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4339
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4646
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/482
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4995
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5469
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://api.www.myobfuscate.com/?getsrc=ok
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-w
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://bugs.jquery.com/ticket/12385.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://casper.beckman.uiuc.edu/~c-tsai4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cgit.freedesktop.org/xorg/xserver/tree/COPYING
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://chasen.aist-nara.ac.jp/chasen/distribution.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ci.testling.com/substack/node-concat-map)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ci.testling.com/substack/node-concat-map.png)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cldr.unicode.org/index/downloads
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/lao-dictionary/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/smhasher/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/v8
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/v8/issues/detail?id=1858).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1094869
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/110263
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1144207
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1171371
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/308366
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/403957
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/565179
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/619103.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/619103.Subsequence
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642227
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642605
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/644669
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/650547
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/672380
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/709351
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/772651
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/797243
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/809422
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/830046
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/849576
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/883276
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/927470
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620allow_translate_uniform_block_to_structured_bufferThere
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://creativecommons.org/licenses/MIT/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://daniel.zelisko.net
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dev.w3.org/csswg/css-color/#hwb-to-rgb
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://devel.freebsoft.org/speechd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://developers.google.com/speed/webp
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dom.spec.whatwg.org/#dom-domimplementation-hasfeature
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dom.spec.whatwg.org/#dom-node-comparedocumentposition
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://dominictarr.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-patterns).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-tolength).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://encoding.spec.whatwg.org/#big5-encoder
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://esprima.org)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/commonnode-set../../third_party/blink/renderer/core/xml/xslt_extensions.ccxsltNewSe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://facebook.github.io/react/)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://facebook.github.io/react/docs/error-decoder.html?invariant=
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fb.me/prop-types-in-prod
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fb.me/use-check-prop-types
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://fedorahosted.org/lohit>
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://feedic.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://feross.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ghinda.net/jpeg-blob-ajax-android/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/Raynos/to-array/raw/master/LICENSE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/danielzzz/node-ping
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/dominictarr/config-chain
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/gperftools/gperftools
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/kriskowal/mr)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/sctplab/usrsctp
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://goo.gl/0ejHHW
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://google.github.io/snappy/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://hertzen.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007075000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF774D3C000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxon
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://icu-project.org/docs/papers/gb18030.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://img.shields.io/npm/dm/socket.io-client.svg?style=flat)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://isrc.ifpi.org/en/isrc-standard/code-syntax
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/173636783
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/1-vs-infinity
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/copy-array-inline
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/emptying-a-node
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/hashing-strings
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/key-exists
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/key-missing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/obj-vs-arr-iteration
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/uncurrythis
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://juliangruber.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcode>
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://llvm.org/):
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://marijnhaverbeke.nl/git/acorn
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://me.abelcheung.org/articles/research/what-is-cp951/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://modernizr.com/docs/#prefixed)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://moztw.org/docs/big5/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsURLParsers.cpp
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://n8.io/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://npmjs.org)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000000.1732463402.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000040A000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.org/licenses/bsd-license.php
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://promises-aplus.github.com/promises-spec/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schema.org/docs/gs.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFL
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://slack.socket.io)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://slack.socket.io/badge.svg?)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/compatibility)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.icu-project.org/repos/icu/data/trunk/charset/data/xml/gb-18030-2000.xml
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/16459606/376773
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/398120/376773
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/5982798/376773
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/9808332/192024).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://substack.net
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tanyabrassie.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3501#section-5.1.3)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://travis-ci.org/substack/node-concat-map)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://trevp.net/tlslite/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tukaani.org/xz/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://underscorejs.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://underscorejs.org/LICENSE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://valgrind.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://webkit.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wiki.ecmascript.org/doku.php?id=conventions:safe_meta_programming
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wiki.ecmascript.org/doku.php?id=strawman:concurrency
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wiki.ecmascript.org/doku.php?id=strawman:concurrency&rev=1308776521#allfulfilled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wpad/wpad.dat
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wpad/wpad.dat../../net/proxy_resolution/pac_file_decider.ccDoWaitDoQuickCheck../../net/proxy_
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wpad/wpad.dat../../net/proxy_resolution/win/proxy_config_service_win.cc~ProxyConfigServiceWin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.andismith.com/blog/2012/02/modernizr-prefixed/)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.chromium.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.color.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.color.orgRegistryNameCustomOutputConditionIdentifiersRGB
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dabeaz.com/ply/ply-3.11.tar.gz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/5.1/#sec-7.9.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/6.0/#sec-array-exotic-objects
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/6.0/#sec-toint32
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.haible.de/bruno/charsets/conversion-tables/Big5.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01http://www.webrtc.org/exper
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.jclark.com/xt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.localeplanet.com/java/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.nonblocking.io/2011/06/windownexttick.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.nongnu.org/freebangfont/downloads.html#mukti
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/en/business/tech_promotion/ccli/terms/doc/2003cmp_2008.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ogcio.gov.hk/tc/business/tech_promotion/ccli/terms/doc/hkscs-2008-big5-iso.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/bsd-license.php
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/mit-license.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ploscompbiol.org/static/license
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.polymer-project.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.pylint.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/blog/archives/2008/04/delegating_the.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/blog/archives/2010/09/click_event_del.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/dom/events/scroll.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/dom/events/tests/scroll.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.quirksmode.org/js/events_properties.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.strongtalk.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.thespanner.co.uk/2007/11/26/ultimate-xss-css-injection/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/OBSOLETE/EASTASIA/OTHER/BIG5.TXT)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP950.TXT
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1841978948.0000000005CB0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.webmproject.org/code/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.webrtc.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-timeurn:3gpp:video-orientationhttp://www.we
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-timehttp://www.ietf.org/id/draft-holmer-rmcat-
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-space
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cn
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02http://www.webrtc.org/experiments/r
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-frame-tracking-id
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-layers-allocation00
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-timing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/parsing.html#preprocessing-the-input-str
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-input-element.html#input-type-attr-s
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/tokenization.html#appropriate-end-tag-to
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/tokenization.html#tokenizing-character-r
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/tree-construction.html#adoptionAgency)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www8.plala.or.jp/tkubota1/unicode-symbols-map2.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxsl:key
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://zlib.net/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://android.com/pay
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://android.googlesource.com/platform/external/setupdesign/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4674
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4849
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5140
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/add/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/addBack/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/addClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/after/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/append/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/appendTo/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/before/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/children/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/clone/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/closest/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/contents/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/each/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/empty/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/end/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/eq/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/find/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/first/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/has/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/hasClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/index/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/insertAfter/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/insertBefore/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/is/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/jQuery.contains/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/jQuery.merge/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/last/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/map/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/next/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/nextAll/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/nextUntil/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/not/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/parent/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/parents/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/parentsUntil/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prepend/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prependTo/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prev/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prevAll/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/prevUntil/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/remove/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/removeAttr/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/removeClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/replaceWith/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/serialize/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/serializeArray/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/siblings/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/slice/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/toggleClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/unwrap/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/wrap/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/wrapAll/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.jquery.com/wrapInner/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://badge.fury.io/js/socket.io-client.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beautifier.io/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bit.ly/audio-worklet)ScriptProcessorHandler::ProcessScriptProcessorHandler::Process
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/gutworth/six/commits/tag/1.10.0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlaudio
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blogs.office.com/2013/04/17/outlook-com-gets-two-step-verification-sign-in-by-alias-and-new-
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=608416
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10704
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3056
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=4118
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/13393
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/4833
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1276240
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=162431
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=208427
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=310299
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.android.clients.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.bigcache.googleapis.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.doc-0-0-sj.sj.googleusercontent.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.docs.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.drive.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.googlesyndication.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.pack.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.play.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://c.youtube.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cheerio.js.org#loading
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cheerio.js.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorehttps://clients2.google.com/service/update2/crx/detail/sb-ssl.goog
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromestatus.com/feature/4735925877735424
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromestatus.com/feature/5436853517811712
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=355103
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/sctp-refimpl/source/browse/trunk/COPYRIGHT)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1042393
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1046462
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1053756
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1053756ICE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1091824
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1137851
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1144908
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1144908.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1144908.The
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1144908Changing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1154140
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024select_view_in_geometry_shaderThe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547call_clear_twiceUsing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534use_system_memory_for_constant_buffersCopying
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/705865
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/710443
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/811661
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/824383
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/824647
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/882238.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/927119
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/927119../../third_party/blink/renderer/core/script/script_loader.ccPrepareScriptEx
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/954323
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/981419
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by-sa/4.0/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://david-dm.org/socketio/socket.io-client#info=devDependencies)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://david-dm.org/socketio/socket.io-client)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://david-dm.org/socketio/socket.io-client.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://david-dm.org/socketio/socket.io-client/dev-status.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dawn.googlesource.com/tint
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://dejavu-fonts.github.io/Download.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.chrome.com/blog/enabling-shared-array-buffer/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/assign)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/JavaScript/Reference/Global_Objects/String/fromCharCode#Get
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/AnimationEvent
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent#Key_names
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/Node/innerText
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/Node/textContent
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/TransitionEvent
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/At-rule
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTML/Block-level_elements
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/isindex
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTML/Inline_elements
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#Escaping
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map#Key_equality)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/android/guides/setup
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2016/08/removing-document-write
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2016/08/removing-document-writeDocument.writewritelnDocume
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2019/07/web-components-time-to-upgrade
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://discord.gg/electron
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/library/functions.html#range).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://electronjs.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://eslint.org/docs/rules/no-buffer-constructor)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.com/immutable-js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.count
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.foreach
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.map
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.only
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.toarray
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.cloneelement
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createclass
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createelement
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createfactory
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.isvalidelement
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#reactdom.finddomnode
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#reactdom.render
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#reactdom.unmountcomponentatnode
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-controlled-components
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-devtools
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-event-pooling
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-invariant-dangerously-set-inner-html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-legacyfactory
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-minification
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-refs-must-have-owner).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-special-props)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-spread-deprecation
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-unknown-prop%s
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-warning-dont-call-proptypes
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-warning-keys
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fb.me/react-warning-polyfills
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gcp.gvt2.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gcp.gvt6.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/1782808).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/engine.io-client/pull/217
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/has-binary/pull/4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/socket.io-client#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/socket.io-client.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/socket.io-parser#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Automattic/socket.io-parser.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ChALkeR
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ChALkeR/safer-buffer#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ChALkeR/safer-buffer.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Cyan4973/xxHash
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/FB55/domelementtype#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/FB55/domutils#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GoogleChromeLabs/pywebsocket3/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Cross
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/MarshallOfSound/react-electron-web-view
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/MarshallOfSound/react-electron-web-view.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Microsoft/tslib.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Modernizr/Modernizr/blob/master/feature-detects/cors.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/NobleJS/setImmediate
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/NobleJS/setImmediate))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Qix-/color-convert#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Qix-/color-convert.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Qix-/color-convert/blob/3f0e0d4e92e235796ccb17f6e85c72094a651f49/conversions.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Raynos/after#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Raynos/to-array
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/STRML/async-limiter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/gh-pages/implementation-status.md
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/gh-pages/implementation-status.mdBluetoothEithe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/aawc/unrar.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/amdjs/amdjs-api/wiki/AMD#defineamd-property-
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/antirez/linenoise
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ariya/phantomjs/issues/11395
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Javascript-source-file-encodings
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Node-v4-compatibility
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ashtuchkin/iconv-lite/wiki/Use-Buffers-when-decoding
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/benjamingr/RegExp.escape/blob/main/polyfill.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/master/index.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-styles#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-styles.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-styles?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/chalk#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/chalk.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/chalk/pull/92
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/chalk?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cheeriojs/cheerio-select#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cheeriojs/cheerio?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cheeriojs/dom-renderer#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cheeriojs/dom-serializer?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chriso/validator.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chriso/validator.js.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/colorjs/color-name
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/bind#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/bind.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/emitter#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/emitter.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/has-cors#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/inherit#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/inherit.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/27165d2))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/2a7b25c))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/3e88e81))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/518747d))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/91aa21e))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/commit/f9be9b3))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/0.1.5...0.1.6)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/0.1.6...0.1.7)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/0.1.7...1.0.0)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/1.0.0...1.0.1)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/1.0.1...1.0.2)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/compare/1.0.2...1.0.3)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/issues/3))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/issues/4))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/issues/6))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/darrachequesne/has-binary/issues/7))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dominictarr/config-chain.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dpranke/pyjson5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dustingetz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/editorconfig/editorconfig-core-js#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/issues
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.Loading
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.Module
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/electron/electron/tree/v$
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/flow/blob/master/lib/core.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/immutable-js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/jest#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/jest.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react-native/pull/1632
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/1698
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/3236).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/6887
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/708.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/7233
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/issues/7240
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/pull/6896
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/pull/7101
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/pull/7178
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/react/pull/7232
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/DomHandler#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/boolbase
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/boolbase)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/boolbase.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/css-select#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/css-select/pull/43#issuecomment-225414692
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/css-what#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/css-what.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domelementtype#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domhandler#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domhandler?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domutils#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/domutils?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/entities#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/entities?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/htmlparser2#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/htmlparser2?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/nth-check
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/nth-check.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/fb55/nth-check?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/get/parseuri
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/get/parseuri.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/get/querystring
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/get/querystring.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/gimdongwoo)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/repairES5.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/startSES.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/desugar_jdk_libs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/private-join-and-compute
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/protobuf
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/re2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ruy
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/securemessage
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/shaderc
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/shell-encryption
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ukey2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/woff2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/wuffs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/gotwarlost/istanbul/blob/master/ignoring-code-for-coverage.md#ignoring-code-for-c
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5/issues/97#issuecomment-171940774)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5/tree/master/scripts/generate-named-entity-data/README.md)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5/tree/master/scripts/generate_named_entity_data/README.md
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inikulin/parse5/tree/master/scripts/generate_named_entity_data/README.md)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/abbrev-js#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/fs.realpath#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/fs.realpath.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/inflight
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/inherits#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/ini#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/minimatch#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-glob#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-glob/issues/167
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-glob/issues/205
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/node-lru-cache#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/once#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/proto-list#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/proto-list.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/pseudomap#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/pseudomap.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/sigmund#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/yallist#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/yallist.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyeecheung/node-dep-codemod#dep005)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/blob/2.1.3/src/manipulation/var/rcheckableType.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/blob/2.1.3/src/serialize.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/blob/3.6.0/AUTHORS.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L139
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L152
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jsdevkr/react-chatview#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jsdevkr/react-chatview.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/balanced-match
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/brace-expansion
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/juliangruber/isarray
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kriskowal
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kriskowal/q
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kriskowal/q/blob/v1/LICENSE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kriskowal/q/wiki/API-Reference
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/leebyron
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lodash/lodash
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lodash/lodash.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/marijnh/acorn.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mathiasbynens/he/blob/master/src/he.js#L94-L119
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mishoo/UglifyJS2/blob/v2.4.20/lib/parse.js#L216
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mjwwit/node-XMLHttpRequest#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mokesmokes/backo#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mokesmokes/backo.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/niklasvh/base64-arraybuffer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/niklasvh/base64-arraybuffer.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/niklasvh/base64-arraybuffer/blob/master/LICENSE-MIT
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/Release#release-schedule)).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/b3fcc245fb25539909ef1d5eaa01dbf92e168633/lib/path.js#L56
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/32020
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/8871#issuecomment-250915913
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/9006
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/inflight.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-semver#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/node-semver.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/nopt#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/nopt.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/wrappy
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/wrappy.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/promises-aplus/promises-tests
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/protocolbuffers/protobuf/blob/master/java/lite.md
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/rase-/arraybuffer.slice
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/simplejson/simplejson
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/has-flag#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/has-flag.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/path-is-absolute#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/path-is-absolute.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/slevithan/xregexp/blob/95eeebeb8fac8754d54eafe2b4743661ac1cf028/src/xregexp.js#L7
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/engine.io-client
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/engine.io-client.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/engine.io-parser
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/socket.io-client/actions)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/socketio/socket.io-client/workflows/CI/badge.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/spicyj/innerhtml-vs-createelement-vs-clonenode.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/fb55
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/isaacs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stiang/remove-markdown
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/stiang/remove-markdown.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/substack/node-concat-map#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tensorflow
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/text.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tflite-support
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tj/commander.js#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tj/commander.js.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/unshiftio/yeast
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/unshiftio/yeast.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/v8/v8/blob/d6ead37d265d7215cf9c5f768f279e21bd170212/src/js/prologue.js#L152-L156
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/visionmedia/debug#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/112
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000006FA1000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-trusted-types/wiki/Trusted-Types-for-function-constructor
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/web-animations/web-animations-js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/webmodules/blob
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws/issues/1202
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/websockets/ws/issues/1869.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/whatwg/html/issues/2369
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/whatwg/html/pull/907/files#r73505877
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/xiph/rnnoise
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/yujiosaka/socke.io-ie8-loading-example
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zeit/ms#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zeit/ms.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zulhilmizainuddin/nodejs-traceroute#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zulhilmizainuddin/nodejs-traceroute.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/wayland/weston
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/4NeimX
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLu
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuThe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/7K7WLuWebAudio.AutoplayWebAudio.Autoplay.CrossOriginWebAudio.Autoplay.UnlockType../..
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/EuHzyv
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/HxfxSQ
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/J6ASzs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/LdLk22
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/LdLk22Empty
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/LdLk22Failed
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C9A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/Y0ZkNV).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/rStTGz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/xX8pDD
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/xX8pDDplay()
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/ximf56
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/ximf56Iframe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://google-analytics.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://google.com/pay
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://google.com/payhttps://android.com/paysecure-payment-confirmationAppStoreBillingPlaceHolderZZ
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://googlevideo.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gvt1.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gvt2.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gvt6.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/#nonce-attributes
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/#read-text
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/comms.html#the-websocket-interface
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/form-elements.html#concept-option-selectedness
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/microdata.html#microdata-dom-api
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/parsing.html#parsing-main-inforeign
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#disabled-elements
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/semantics-other.html#case-sensitivity-of-selectors
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/semantics.html#the-html-element
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#generate-implied-end-tags
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#has-an-element-in-button-scope
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#has-an-element-in-scope
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#html-integration-point
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inbody
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-incaption
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-incolgroup
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inhead
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inselect
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intable
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intbody
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intr
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#special
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#tag-name-state
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#tag-open-state
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.org/license
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://js.foundation/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsoneditoronline.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsperf.com/object-keys-vs-for-in-with-closure/3
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/icon.svg
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/license
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-unicode).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Structured_clone_algorithm)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mths.be/punycode
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mths.be/utf8js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://no-color.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/stream.html#stream_decoding_buffers_in_a_writable_stream
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.16.0/node-v14.16.0-headers.tar.gz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.16.0/node-v14.16.0.tar.gz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.16.0/node-v14.16.0.tar.gzhttps://nodejs.org/download/release
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.16.0/win-x64/node.lib
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/en/docs/inspector
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://npmjs.org/package/iniparser
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://npmjs.org/package/minimatch
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://openjsf.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pagure.io/lohit
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-tolength
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://play.google.com/billing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://play.google.com/billingQuota
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ponyfill.com/)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-48
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-54
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-57
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-59
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-61
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-64
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-75
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://quiche.googlesource.com/quiche
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/dominictarr/config-chain/master/LICENCE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://reactjs.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://secure.travis-ci.org/substack/node-concat-map.png)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://semver.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sindresorhus.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sizzlejs.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://skia.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourceforge.net/project/?group_id=1519
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2045
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2046
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2152
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2822#appendix-A.1.2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3339#section-5.6
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc4007#section-11
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5280#section-4.2.1.13
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5280#section-5.2.7.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-9.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6657).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6960
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-3.1.1.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-3.1.1.5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://underscorejs.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/manifest/#installability-signals
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/manifest/#installability-signalsVideoFrameProviderClientImpl::StartRenderingVi
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webrtc.org/web-apis/chrome/unified-plan/.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wiki.ecmascript.org/doku.php?id=harmony:egal).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/characteristics
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/descriptors
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.bluetooth.com/specifications/gatt/services
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/4664843055398912
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5082396709879808
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5082396709879808BeforeUnloadNoGestureBlocked
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5138066234671104
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5629582019395584.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5636954674692096
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.NavigatorVibrate../../third_party/blink/render
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5654791610957824
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.Blocked
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5687444770914304
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5714245488476160
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5718547946799104
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5735596811091968
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648DeprecationReportBody
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952blinkAddEventListenerAdded
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608Added
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/6451284559265792
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/%s
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5093566007214080
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/50935660072140800
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5144752345317376
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5637885046816768.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5654810086866944
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5851021045661696.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/5851021045661696.The
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/6107495151960064
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/6662647093133312
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/features/6680566019653632
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.The
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.cl.cam.ac.uk/%7Emgk25/ucs/utf8_check.c
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.computerhope.com/jargon/h/html-basefont-tag.htm
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.iana.org/assignments/media-types/media-types.xhtml)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/buffer-alloc)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/buffer-from)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/safe-buffer)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/safer-buffer)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/socket.io-client)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.typescriptlang.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/copyright.html.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.zentao.net/0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/.

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_00405461

Installs a raw input device (often for capturing keystrokes)

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971322469.00000000066A0000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_b2c9f445-0

System Summary

Contains functionality to call native functions

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_030910D0

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_0040338F

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_00406B15	0_2_00406B15
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004072EC	0_2_004072EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_00404C9E	0_2_00404C9E

Enables security privileges

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Process token adjusted: Security

Jump to behavior

PE file contains more sections than normal

Source: updater.win64.exe.0.dr	Static PE information: Number of sections : 11 > 10
Source: zentaoclient.exe.0.dr	Static PE information: Number of sections : 12 > 10

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs SecuriteInfo.com.Heur.21832.3236.exe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs SecuriteInfo.com.Heur.21832.3236.exe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilename: vs SecuriteInfo.com.Heur.21832.3236.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: clean5.winEXE@12/188@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_0040338F

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404722

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Code function: 0_2_00402104 CoCreateInstance,

0_2_00402104

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\AtomProcessSingletonStartup!
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Mutant created: \Sessions\1\BaseNamedObjects\f3057352-10e3-53a8-8e7d-c7f226474698

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Local\Temp\nsk192.tmp

Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe "C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe"
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msspellcheckingfacility.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msmpeg2vdec.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mfperfhelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dxva2.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msvproc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ddraw.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mfh264enc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: windows.media.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5network.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: qt5svg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Section loaded: twinapi.appcore.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: ??.lnk.0.dr	LNK file: ..\..\..\..\..\Local\Programs\zentaoclient\zentaoclient.exe
Source: ??.lnk0.0.dr	LNK file: ..\AppData\Local\Programs\zentaoclient\zentaoclient.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Automated click: Next >
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698

Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static file information: File size 86971128 > 1048576

Source: SecuriteInfo.com.Heur.21832.3236.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000780B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdbj source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libGLESv2.dll.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Binary contains a suspicious time stamp

Source: d3dcompiler_47.dll.0.dr

Static PE information: 0xF3329C94 [Sat Apr 18 07:26:12 2099 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_030910D0

PE file contains sections with non-standard names

Source: ffmpeg.dll.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: _RDATA
Source: updater.win64.exe.0.dr	Static PE information: section name: /4
Source: updater.win64.exe.0.dr	Static PE information: section name: /18
Source: updater.win64.exe.0.dr	Static PE information: section name: /30
Source: updater.win64.exe.0.dr	Static PE information: section name: /43
Source: updater.win64.exe.0.dr	Static PE information: section name: /59
Source: updater.win64.exe.0.dr	Static PE information: section name: /75
Source: updater.win64.exe.0.dr	Static PE information: section name: /90
Source: updater.win64.exe.0.dr	Static PE information: section name: .symtab
Source: qgenericbearer.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvgicon.dll.0.dr	Static PE information: section name: .qtmetad
Source: qgif.dll.0.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.0.dr	Static PE information: section name: .qtmetad
Source: qico.dll.0.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwbmp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr	Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr	Static PE information: section name: .00cfg
Source: opengl32sw.dll.0.dr	Static PE information: section name: _RDATA
Source: qwindows.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr	Static PE information: section name: .qtmetad
Source: libEGL.dll1.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll1.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll1.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll1.0.dr	Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: _RDATA
Source: zentaoclient.exe.0.dr	Static PE information: section name: .00cfg
Source: zentaoclient.exe.0.dr	Static PE information: section name: .retplne
Source: zentaoclient.exe.0.dr	Static PE information: section name: .rodata
Source: zentaoclient.exe.0.dr	Static PE information: section name: CPADinfo
Source: zentaoclient.exe.0.dr	Static PE information: section name: _RDATA

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\D3Dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\UAC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\WinShell.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer\qgenericbearer.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSE.electron.txt

Jump to behavior

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??.lnk

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\UAC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\WinShell.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer\qgenericbearer.dll	Jump to dropped file

Queries keyboard layouts

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File Volume queried: C:\Users\user\AppData\Local\Programs FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File Volume queried: C:\Users\user\AppData\Local\Programs FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File Volume queried: C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\js FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File Volume queried: C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\wasm FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	File Volume queried: C:\Users\user\AppData\Roaming\zentaoclient\blob_storage\ad052674-6a2b-49a8-9bb3-be27f31603c8 FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_004059CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_004065FD FindFirstFileW,FindClose,	0_2_004065FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Code function: 0_2_00402868 FindFirstFileW,	0_2_00402868

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\locales	Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: invalid PARAM usage_mesa_symbol_table_push_scope_mesa_symbol_table_add_symbol_mesa_symbol_table_add_global_symbolARB_position_invariantARB_fog_expexp2linearprecision_hint_nicestfastestdraw_buffersfragment_program_shadowfragment_coord_origin_upper_leftpixel_center_integerATI_fatal flex scanner internal error--no action foundfatal flex scanner internal error--end of buffer missedfatal error - scanner input buffer overflowinput in flex scanner failedout of dynamic memory in yy_get_next_buffer()flex scanner push-back overflowout of dynamic memory in _mesa_program_lexer__create_buffer()out of dynamic memory in _mesa_program_lexer_ensure_buffer_stack()out of dynamic memory in _mesa_program_lexer__scan_buffer()out of dynamic memory in _mesa_program_lexer__scan_bytes()bad buffer in _mesa_program_lexer__scan_bytes()_mesa_program_lexer_set_lineno called with no buffer_mesa_program_lexer_set_column called with no bufferSOFTPIPE_USE_LLVMVMware, Inc.softpipeUnexpected PIPE_CAP %d query
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware Virtual Webcam
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMnet
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@L
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: LLVMX86_FP80TypeKind
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Net.RedirectChainLengthurl_chainload_state_paramdelegate_blocked_byhas_uploadis_pendingDelegateNet.URLRequest.ReferrerPolicyForRequest.SameOriginNet.URLRequest.ReferrerHasInformativePath.SameOriginNet.URLRequest.ReferrerPolicyForRequest.CrossOriginNet.URLRequest.ReferrerHasInformativePath.CrossOriginURLRequestContextnet/url_request_context/%s/0x%llx../../net/url_request/url_request_job.ccOnDonenum_failuresrelease_after_msThrottling.RequestThrottled%08x: %02x ../../net/base/network_interfaces_win.ccWlanApiwlanapi.dllWlanQueryInterfaceWlanSetInterfaceVMnetGetAdaptersAddresses failed: ../../net/cert/x509_util_win.ccerror parsing intermediate
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: (IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: eb1a:2860eb1a:28201ce6:282012ab:03801943:22530c45:64d00c45:64d21bcf:298504ca:704704ca:704804f2:b3ed04f2:b3ca05c8:035d05c8:036904ca:709513d3:52570bda:57f2VMware Virtual WebcamMedia.VideoCapture.BlacklistedDeviceGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCam../../media/capture/video/video_capture_metrics.ccDevice supports Media.VideoCapture.Device.SupportedPixelFormatMedia.VideoCapture.Device.SupportedResolution
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: t1t0t3t2dst1dst0dst3dst2LLVMFloatTypeKindLLVMVoidTypeKindLLVMX86_FP80TypeKindLLVMDoubleTypeKindLLVMPPC_FP128TypeKindLLVMFP128TypeKindLLVMIntegerTypeKindLLVMLabelTypeKindLLVMStructTypeKindLLVMFunctionTypeKindLLVMPointerTypeKindLLVMArrayTypeKindLLVMMetadataTypeKindLLVMVectorTypeKindVector [%u] of %u-bit Integer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Adreno (TM) 418Adreno (TM) 530Adreno (TM) 540GL_EXT_texture_lod_biasARB_draw_buffersGL_ARB_texture_swizzleGL_EXT_texture_swizzleGL_ARB_pixel_buffer_objectGL_EXT_pixel_buffer_objectGL_EXT_draw_buffers2GL_ARB_fragment_shaderGL_NV_texture_border_clampGL_ARB_robust_buffer_access_behaviorGL_EXT_framebuffer_sRGBGL_ARB_framebuffer_sRGBfunctions->standard == STANDARD_GL_DESKTOP && isAMDfunctions->standard == STANDARD_GL_DESKTOP && isIntelisIntel && !IsSandyBridge(device) && !IsIvyBridge(device) && !IsHaswell(device)IsApple() && isIntelisIntel && IsApple() && IsSkylake(device) && GetMacOSVersion() < OSVersion(10, 13, 2)functions->standard == STANDARD_GL_DESKTOP && (isIntel \|\| isAMD)IsLinux() && functions->standard == STANDARD_GL_DESKTOP && isAMD(IsApple() && functions->standard == STANDARD_GL_DESKTOP) \|\| (IsLinux() && isAMD)IsApple() && functions->standard == STANDARD_GL_DESKTOP && GetMacOSVersion() < OSVersion(10, 11, 0)IsApple() && isIntel && GetMacOSVersion() < OSVersion(10, 12, 0)IsApple() && isAMDIsAndroid() && isQualcommfunctions->standard == STANDARD_GL_DESKTOP && isNvidiaIsApple() \|\| isNvidiafunctions->isAtMostGL(gl::Version(4, 1)) \|\| (functions->standard == STANDARD_GL_DESKTOP && isAMD)isAMD \|\| IsAndroid()IsAndroid() \|\| isNvidia(IsAndroid() && isQualcomm) \|\| (isIntel && IsApple())isAMD \|\| isIntelIsNexus5X(vendor, device)IsAndroid() \|\| (IsWindows() && isIntel)(IsWindows() && (isIntel \|\| isAMD)) \|\| (IsLinux() && isNvidia) \|\| IsIOS() \|\| IsAndroidEmulator(functions)IsAndroid() \|\| limitMaxTextureSizeIsAndroid() \|\| (IsApple() && (isIntel \|\| isAMD \|\| isNvidia))limitMaxTextureSizeIsApple()IsAndroid() \|\| isAMD \|\| !functions->hasExtension("GL_KHR_robust_buffer_access_behavior")IsApple() && isIntel && GetMacOSVersion() >= OSVersion(10, 12, 4)IsApple() && isIntel && GetMacOSVersion() < OSVersion(10, 12, 6)IsLinux() \|\| (IsAndroid() && isNvidia) \|\| (IsWindows() && isNvidia) \|\| (IsApple() && functions->standard == STANDARD_GL_ES)IsApple() \|\| (IsLinux() && isAMD)IsApple() \|\| (IsWindows() && isAMD)functions->standard == STANDARD_GL_DESKTOP && functions->isAtLeastGL(gl::Version(3, 1)) && !functions->isAtLeastGL(gl::Version(4, 3))features->emulatePrimitiveRestartFixedIndex.enabled && IsApple() && isIntelIsApple() \|\| IsAndroid() \|\| IsWindows()functions->standard == STANDARD_GL_ES && functions->isAtLeastGLES(gl::Version(3, 1)) && functions->hasGLESExtension("GL_EXT_texture_norm16")IsWindows() && isAMDIsLinux() && isAMD && isMesa && mesaVersion < (std::array<int, 3>{19, 3, 5})(IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))IsApple() && functions->standard == STANDARD_GL_ES && !(isAMD && IsWindows())isDualGPUMacWithNVIDIAisTSANBuild && IsLinux() && isNvidiaIsApple() && (isAMD \|\| isIntel \|\| isNvidia)IsLinux() && IsWayland()!CanMapBufferForRead(functions)IsApple() && hasAMDIsAdreno42xOr3xx(func

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_030910D0

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Jump to behavior

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --gpu-preferences=saaaaaaaaadgaaawaaaaaaaaaaaaaaaaaabgaaaaaaaoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab4aaaaaaaaahgaaaaaaaaakaaaaaqaaaagaaaaaaaaacgaaaaaaaaamaaaaaaaaaa4aaaaaaaaabaaaaaaaaaaaaaaaauaaaaqaaaaaaaaaaaaaaagaaaaeaaaaaaaaaabaaaabqaaabaaaaaaaaaaaqaaaayaaaaiaaaaaaaaaagaaaaaaaaa --mojo-platform-channel-handle=1612 /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.networkservice --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --lang=en-gb --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --lang=en-gb --app-path="c:\users\user\appdata\local\programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --disable-gpu-compositing --lang=en-gb --app-user-model-id=com.cnezsoft.zentaoclient --app-path="c:\users\user\appdata\local\programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --gpu-preferences=saaaaaaaaadgaaawaaaaaaaaaaaaaaaaaabgaaaaaaaoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab4aaaaaaaaahgaaaaaaaaakaaaaaqaaaagaaaaaaaaacgaaaaaaaaamaaaaaaaaaa4aaaaaaaaabaaaaaaaaaaaaaaaauaaaaqaaaaaaaaaaaaaaagaaaaeaaaaaaaaaabaaaabqaaabaaaaaaaaaaaqaaaayaaaaiaaaaaaaaaagaaaaaaaaa --mojo-platform-channel-handle=1612 /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.networkservice --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --lang=en-gb --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --lang=en-gb --app-path="c:\users\user\appdata\local\programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "c:\users\user\appdata\local\programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=cookieswithoutsamesitemustbesecure,samesitebydefaultcookies,sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand --disable-gpu-compositing --lang=en-gb --app-user-model-id=com.cnezsoft.zentaoclient --app-path="c:\users\user\appdata\local\programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1	Jump to behavior

Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Users VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\en.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\extensions.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe

0_2_0040338F

Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1428295
Product:	CloudBasic
Start time:	19:33:14
Start date:	18.04.2024
Sample:	SecuriteInfo.com.Heur.21832.3236.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	df0daae26fb3f58a6b9ce4d144a81b48
SHA1:	38e41ab0e2712f7762c6d8b56892362cbb1b6744
SHA256:	ee9c745ec13fb4389968431701fecabaa3fd85f607e694e0d8747703a60fe0dc
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSE.electron.txt	ASCII text	4D42118D35941E0F664DDDBD83F633C5	2B21EC5F20FE961D15F2B58EFB1368E66D202E5C	5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSES.chromium.html	HTML document, ASCII text, with CRLF line terminators	6B84319EE8A0A0AF690273D3D2DCBAF4	857CA353E0582D100DCBC6CB6761BB4430D0CB90	FC2A256467FB4D4FF72BE6C423E5961E98B418554DEEEC296ADED0E757B9A585
C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	E57F1F300E695536CFDF17DA1CF72071	4509A5AFA20FF740B816E0CB615632640ACCC073	7953E406860AD62018461EB8C8A33324C609CB60379B0FE74E9AB7DDF55480F0
C:\Users\user\AppData\Local\Programs\zentaoclient\chrome_100_percent.pak	data	03AAA4F8525BA4B3E30D2A02CB40AB7A	DD9AE5F8B56D317C71D0A0A738F5D4A320A02085	C3F131FAEEFAB4F506BF61C4B7752A6481F320429731D758EF5413A2F71441F7
C:\Users\user\AppData\Local\Programs\zentaoclient\chrome_200_percent.pak	data	7D4F330A5443EADF32E041C63E7E70AD	26CE6FB98C0F28F508D7B88CF94A442B81E80C88	B8704BE578E7396EE3F2188D0C87D0EDE5C5702E9BB8C841B5F8D458ABF1356D
C:\Users\user\AppData\Local\Programs\zentaoclient\d3dcompiler_47.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	4708566E8DAC7300F15880FB79350B5C	1B0ADDD9480729EE3B8CE043F7AA53FD03CF9DD6	65F2B1201330AB8C3930D88A5B75811334E07DB0C1C63F43168D41F136C35982
C:\Users\user\AppData\Local\Programs\zentaoclient\ffmpeg.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	853A2B43A6857AE07710D92F912B2794	04D9978BB2EDA9DB63B353144249D6CA264D684D	1DB8124F9AFBF0FBC15A5D3556A2AFC31853AFDDEEA4042D62C3B8ABCA42E635
C:\Users\user\AppData\Local\Programs\zentaoclient\icudtl.dat	data	80A7528515595D8B0BF99A477A7EFF0D	FDE9A195FC5A6A23EC82B8594F958CFCF3159437	6E0B6B0D9E14C905F2278DBF25B7BB58CC0622B7680E3B6FF617A1D42348736B
C:\Users\user\AppData\Local\Programs\zentaoclient\libEGL.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	7EBBE9227156E3C4E600DEFB160555F9	5B356F11DAF55CE5240D796481ADE9342C277B26	DEDA663B1C080E2217A1241AF285B07BEED8117E416F9F814C02EB56A312F4A8
C:\Users\user\AppData\Local\Programs\zentaoclient\libGLESv2.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	085893AFD97F40CCE27BF5A898BC899B	8BB8B85CC7055534EE1F12E4A7E5D18FBE22FE48	BC4EAE59FE7E073C06228CF6A304BE3A1A19AE2BFF2C491F52ED1C7A7854DE51
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\am.pak	data	5C617F3833923FCA5717A549FA57ADCA	0102AC3C8041FAB6A1A65A3BCAF7E79C0B7FD719	5F323C0BD185D5BD5F7EA737018F14FD6EA500BA5440BC74F5C09B635518EADC
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ar.pak	data	8F9C8DD93B03202220B5E226C6956025	8290DBA9B8DCC89928821EAD04F7CF599C0BA557	E7F9A474399C0CA0DAF28C6153F6EC7AE87423E66C8FFE0849407471D20B6237
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\bg.pak	data	00D012A55A50BBA5DE8B2FC2E0D163B2	89163FA9905876167A0C7D3446BCB0BD30F88EF4	BD3A3AACC3CEE9864404755EEE9542E0F21EFBEBD4A71E5333D15783D4CE18C9
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\bn.pak	data	80C804A82C617E7E0FC1E7F0DF63290C	A81F3AC6E92785E4C96E7DBD01FCA8BFD446071A	B4ED891E8B38452623348DA12D325B52407446114CBA664A8E25A26A7CFAF773
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ca.pak	data	79EC325651589F138C7840C61316D8F5	37503EDCAE710E2D61F390064FA2D9893D4B9C8D	9A4E286A58BB9A58E9E30D982783663C9BCE40730CB6DAD4C37980038040919E
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\cs.pak	data	0325D16A747CCA73A3A2B0C94FAC123D	E5989627742ECEE5F8996001002E97627BFBE10D	C00829FC57C7E1E5419FE3202F114D394A590B8B32B1E55AF42772C93755945D
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\da.pak	data	29F37A66AD8035D0657A1C7176330C40	EBF26AFA557B44FF5248207425083C750A397F49	6DA77A20FD6FBB228B2DE5F197225342DA18CBC58D26EBF542CF20D23E00F033
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\de.pak	data	5F9F5187B2C3A4BBE6077A329EF5C2C1	68AB6991F89F5C41C055B07FD97EA6D394D87F12	E964D841B9588B7412F1FF86F004E6B052F993BF2153E4DC4BEE6C5536BE1744
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\el.pak	data	F4083CF1C56EDB2D8701FC1809C9D8EC	909337883E1F898C98DE9B35F7889D257E5455B2	B624633365C19E6E3CBE200B39889711994809796DBEE7988883165D0CC1D6C2
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\en-GB.pak	data	B8B8DE138E6CD2AD1EEE182F2BEFC905	ACB5FBB8D3026D2CF0D5AFCC0B2407F7DC7F7CEE	4A5E6439C6731A5273970C8C053B4A89018C57F1D9BE81D85F24978233675442
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\en-US.pak	data	AF5C77E1D94DC4F772CB641BD310BC87	0CEEB456E2601E22D873250BCC713BAB573F2247	781EF5AA8DCE072A3E7732F39A7E991C497C70BFAEC2264369D0D790AB7660A4
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\es-419.pak	data	84A1995559E8FC00C3E46BA63EFF51A6	24B57BABEE3291419FC29AAB9C9A2FC0FE9C3D8A	2E1CF9D3E3EEBE607DA44873CFE37B9A84615962E3450313C3947920D4DE4FDA
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\es.pak	data	4ACAD14261FA458CBC61451F4255C891	BFBF2429190B85F692BC97D12822CEDD53A70742	B927984D25359F3D7A20D71AA4B16D2EC4C574461177825B5221865F416D1E71
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\et.pak	data	3F2F42E0E8FFE5C26295F5E15480EDCA	E183E93FE99145CE0471687E930926018B1FCC19	9CDEFC472C67247E67DA040B984E800CC8B903A1B39C742E6962FF5C423F391E
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\fa.pak	data	0FBE88D360ABC020EF6D511FF5CB70A5	8ABC47BC30BB0128B84CA4335DC09A67B051EDF4	7E8F7F42300178F001EA5F74C63DB25D813B7C25989114DC7673C76FD92A72C9
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\fi.pak	data	0C5F18712C639646E37FED054781B147	FAECB7CB6838783E15BC52C8DC019736A334D59B	4E538A14F1DBC872A85FDB4BE1E19145553ECFA3B07EE7C810B690C52B889684
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\fil.pak	data	249AC7111D6310C67B42E973F6AA7646	DB19F2FA4EEEEC09906ED31BF6295E7831BF9E2C	CB536B478FEFFD3B55EC53676CCE84CEFC9E000C1205273BAFCDAF6EE6EDD381
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\fr.pak	data	A9552C30B27ACA538388BA34C2374D75	39173220E9DA4C3D591BDB1D0DBBA77DC8FBA6DE	F3BFCD6A297A7634C24F2FBD3DE96F02588B0603D4A7618BB7588F6C091BEB2E
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\gu.pak	data	CF428ECEC583B73172FA789BA3F9AA6B	9A7456009B5A53C4F6470A370319395DA394E462	1D4D407233A4C78D5A9A242B43B21AA89FB68A0632BC52B0A515D69491632E85
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\he.pak	data	A275C3557E819C6E9FB029643E38FA17	8C005CB081417FF2BE0D7D8FB6356519A96F5703	4A9862EE8E139AE74E6336E0207D484E1A1AE0F689B5F1CC06B6FEA66D2090D9
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\hi.pak	data	EB017AC26477D54C707D3E965EC352C5	112001C7A38D9B95D3D0E422E10C585079356018	06424570167C9BDD7E13B115A632D6AB58DE7A4FA14F8D094627BD12D85E9318
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\hr.pak	data	551026FCBD640C1B911ED5B4CB7ADA68	3AAC7631C7F23E15A1ABC4FA1CEE98ACB695AADB	CC48D7DEAF73103E22E3E5900503396E2A2C9E5BF1450A4DF8CE94179B1E47A2
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\hu.pak	data	E51AFBBA3250E655BC01E424A29E3162	D7AAF2F2F9629BA9F7CF8A513C2905A13D0B6A8F	61AE4E65474CB4ECF5EDB2EC9BB9EA2B7A47BBF769F81C8FEE1282C13B209783
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\id.pak	data	0B9E5F5651AED9D1299F3246597AC182	62AA835853C07E66D027D129265429ADC6779491	E07BE6B1A095F235A4BABB2AD5E8018C8C1B2F7CD6FEAB170124D25898E764C6
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\it.pak	data	FA6ECEAAA453FB66BD631AA9BABE0026	790BFEFC29597D09F313C08E7B23FF298D60FA23	4E2089D3FD90977F9A3A88B2AF7FA9FF3B9864969D2F4582431626AE1F37C158
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ja.pak	data	932A8B529D16E79C1471FB8C92109EEB	4CEC50AF799472BEA97FC1B1A127C31D9D08B176	275307A3A9708C0698565F10941C57D42E1D2F55709A025D37E588699B5A985E
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\kn.pak	data	9224BEB43327CAF18C4FDE76482AE12A	EBAA89421838C093E36D74CEC8BB3521772F29CF	1A3FA5261B58113AE1A5CF140ABD93E812B4A866A19A4C54929FFFEE5F42B18B
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ko.pak	data	D6C5199671535C5B644D730C9D8C9063	7BC876A53B0DA752FC93A088AF1ECD043DEA6AD0	0A46CCE08401A72E44178349A61CDBAE5FD78CA4F071BFF2BF5F2E8C877A25F8
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\lt.pak	data	29AEEB61DF906C770E43ED477160F5BC	D3224DFF1967DDD1618D1573D91C3149DED8AE3E	225E5784A7A616F83D81E6F3FDC5510E975E9FBDE741B673DEECE5DED1604A9D
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\lv.pak	data	CE3CB88E12F86EB6F6AD23A4D34F49E5	31ED4DDBFE6BEFA49C6C28089EDB1B1617D896BD	D58B6308B64A1CDA4EE0B2B395672728CE7ABB73C44961FC911386569CAEE60E
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ml.pak	data	AA549352CE43C7F3AADCF24DB4B28039	52F9DE28A67E438A4B055B0988F2C4DC480A61FA	E51D9A02AD11CB9825368DA9A17AF7294B7E6BF11079E2072E4BEC028ECAF20F
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\mr.pak	data	896759A28D38E5D8F415570DD6F4D85E	23F55CDE464192839434A1E727CEB285B8B1F82B	4293AFACF1C4DCE2423C368A45FEC4B33AAC7232E7B7C1919AA8A5A20FB026A1
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ms.pak	data	407DD10484A99B21FFDAE6016132BF26	D1D7A5524FDF026A49391522C42D059406BD0442	83248A2AAEFB87FC19454AFA34BF5DF99B95B98F823B534DE0BAE552C8260D93
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\nb.pak	data	1BDFC009F54C1E5BC8EEEB5017F9DE53	7427D3F37771886AF1C0AF1D20468960C524377D	21F3EFE54A2A0ED9E2F618B2A50F89B44957BC7C779E7F88C1F10B310CEA8BD5
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\nl.pak	data	FA16E91633AA0F20E49B7E19BB57AACB	595D392D20DF35ED71F4461CD5C85B77A68612F1	E94551CA94505F068ECD0619AF676B7B3A869F6068AF87F0F537CACE8055BA4B
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\pl.pak	data	DA0BFC4EF754490879E8DD567961064A	F331C571422C5BB85F90FE915756AD9787103C24	C57C2E534DA554E42388815CD3E848630ED46E1E61E640A6F3D4FD7CBDFB2AED
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\pt-BR.pak	data	31E00C1FDFB9F86D7F5B5B285689CFF8	C5131466499D78C7282F29B3B12F8934A139991F	ED9ADACAD575344216EE986E9C04908A5093AA7A0EBFBF2549DF4C668A35F356
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\pt-PT.pak	data	F33190E2616875ED2349115E128A54FB	27E44FB2CDFECC19F5C91FF2F2E69956CD59BE57	DA64B5178BB41BE0684CB3EF1204BECB457520FE4960C3252F5CCD6A9EE9E29A
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ro.pak	data	4C4112B99FDA13B8FA5373D379F476FB	2422AFA9EA5B204FE84CC241CF6EDA2C8B319FA2	99730524E53CA07481F8CDBBDACE228AED42ABC19D2277D26C42F47653F3CF07
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ru.pak	data	5D77BC0C2AA843EC5BE6A3614C062359	0B22C3376169A5BBB4697D586E4A0D3094739DD5	EC6654FFD877EC62D8AFCF90469ECEF5790E17C7306654CFE4B905DE449B06D8
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sk.pak	data	BA56090D9658733694473C7861D04040	DDE05B47D06FA81ABADC1B8F74E5993D0EA61CA1	D7BAA6B1C0355E1CE9088C6EB508235C7A640BA70CC7AD84C9AC607026400495
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sl.pak	data	B1E33BBB0ABBE113A024694BF4608C5B	A157C8578685F5084FD805C9D0734BC7646D77D9	48E9004441F8AFB200601EC2843A03892076DEB1706E1D3A7BBDBFCDD137AB57
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sr.pak	data	C56D29BCF5FB38EA25AB1A855690F9A9	F3161F2890971EF929473C58654DAC0718983957	68A04BAE37629675C49D9AAEB68A1DA974AAC427B61151A18F3210499702202D
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sv.pak	data	2BEFBABEABBBAE5E7C57934ACC5CD41F	D48E9FD4D73627F4DCC57EC31924D97F6FD6B8D1	C63E812FEE929492974C9B5DFA14A7587258E6FABED355A105015B296246B068
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\sw.pak	data	2490296567A1CD3C7B0852E1ED7D115D	04B527742CEA9487344AE08C463D6FD4BA16B1CE	8B07BFAFA5C97BE2DA9B6146535B7848D88A44D43A45AB06DFAE286D93FD64CE
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\ta.pak	data	8C8B63DFB6DBF75603D3E2E4FE981F9D	3E7C9A1A01526367B016DF20822A41E430328E94	22EB9D73331E92C898B27546A9E775FA8DF0FDADA391734A9291B2A016662652
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\te.pak	data	C370F82FF93880C0F32E63CECA8F1050	A1190895EA7E699621F930C9B4B672B786FE1D9A	2DD8A542EE0778EE39639380208C584D9EEC8932D1307BD5563E1EAB320FE0D8
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\th.pak	data	F265EC50E0EB62893FBC187C1C962DD9	5A60FF7287E5D4E35F000D229A4CBB37DB76ACC0	CFFD61F7954CA10038529D14FDA6A4E34C8EA1A9F202EAD0B0C2DB93143EF485
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\tr.pak	data	D8373D7BC1BDEE4CFB48D85694A78FF9	323408E39B2C953728420E5F21B1D1EB25DE6C2B	B1B66BFEC0AFF21C64EC8BA3F19008501F196F80E7E41B2E8AE73114357DF458
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\uk.pak	data	E87CBE2CFFA7D3A95A8F837231D6F44F	40F7D1602B47C7A7AD445FE04377E3145F8CAFF7	FA035595C375522D09F9DE5A545F5339FCD3DDB224FB19F1828A7958B7DFF3E8
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\vi.pak	data	DBF8363FE244C7D45D44E987D7194566	C3BF0058F956FBD6FA0AD89218A22C7668964B30	044C48581C2395A8EB0F85B5905E1B4CCE1FC1FEF2196710CEF06E197AFDFA99
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\zh-CN.pak	data	D9FB680D115846809114DE2B35AB4CE3	D1F68E0181233C98FFBE91B09910B9D87C1E35EB	690DAFDEB5BE360E8B3A84C711D0D48B3CFC74C871B89A8F03F8058738CA9834
C:\Users\user\AppData\Local\Programs\zentaoclient\locales\zh-TW.pak	data	D0141FD3E851CDB790549C069A76ABCD	3DA3787A8EA94AA066C5E5D17E42481330E0CAFF	8187E67CDE3292C6F18EA0A40F8F8D3F2CD604E62FEEC9EC40C71B5D2BCDEC9D
C:\Users\user\AppData\Local\Programs\zentaoclient\resources.pak	data	D22A5445F36B9FFAAFC235E56AE90456	C6ACEFDF31E440C71FF830EB9150EFE69775EC63	7B94D96C56DF3635CD72EAC4F970FE3B2DF97749427A4E7986612D86AAE4B6A8
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar	data	DF6EDEB9D99EFAB9F1763F8B7B4AF1D4	76BCDE2C502088E91CD4D2E5D221689A6D65F5F4	33276A92077D6988065CD0AAFCE5485AE1334A997C4EE389C595842B0EFCB192
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows	4BEC9A3145BDF3E70E3F85D6DC96D20D	B5BFA0123478506F1E6CD8DFBF9C493AE5488915	4B4DC187C6AD2E5A31773F6B9054D979F0F9E6249EC175C4FC1DF6ED75AA10AB
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe.manifest	exported SGML document, ASCII text	B670384C4BFC5EE9B651BAF1889AF88A	0A525730F3E51C03295C9973AF46909F0B75AA06	3BBFE9E6A2CC2648842566A9262A8C3B526D2A78E9882D085AA2097E2D3498FC
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\D3Dcompiler_47.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	5DCC1B349BA79639022FAD009EA6613D	44B358A1BB912592A0E5832EC2DF4154AB7550F7	1248C8C8C98BBD8433A21892B15FDF17224A7F5E202B98277EA4390020602D66
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Core.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	89074A4117D80804F9D832A74FA633BE	D6738BACB770ED0E3AC8D0662AB456EDEF6BD1F5	086A3BF1A105F9919B06A8D9ED662F6C0923B9249B3A4C5CE2F621B34F06B7B4
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Gui.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	26E939424E333CB2C71CADD5DF76AA40	56A2B2FB7D0D11407B21EF5409E768D8735482A6	8B12AACF901A17A73E495C7277A1249C56C7C5DBBD0A64B85BDA54B9DAB043C9
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Network.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	57A3618E90618FA434325E478049E5E8	C05081CAEE8BCCF27B0995EC3ABEC6B32234DBC5	757CE98E65ADE9D093D4E0D2DD9E03B279B1F0F9C5349DDE667060A973FFAE4D
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Svg.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	3668B615E1F9E74F1BD238D1DD7B66F9	4FF579439B2BE35E2B640F4EF987D7446E8C549C	43C7E9C2EE148497184EC7B91687B128E67B06EF3492B62674F029002477FDF5
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Widgets.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	6ED28BE1C72C4EBFE33E7972F68C88F8	6F5A4832C81DB6DBA7404FED05438E586F5E1AEA	2CAE494DC1E85E77DA97750A52A6A628560C8DB5C102E9A69E4C40A1BD4A74F6
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer\qgenericbearer.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	8CB9E07E032A9D5F429838B31AA11C7B	DACBA5E2C6679D3864C4154637AD00C25B7E6915	6882E74ABE76DF1FE3DE4798A3E1EAF57E1DA73D63D2DAA057F973ACC2355AAA
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines\qsvgicon.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	FA897443E4F32A8006CF7D4E41AC5958	E095C2810925DE18EC7FD9B878DAFC2A298EB61D	125675D057A920272D8F6824F9562CA9D6E5CB557E515AD015FFC414FC459C39
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	A385117245DDB79160E9DFB22E0E2596	4AD497C125B14E35791D1D89F23E7E6817DC5B5C	B201274AD3EA440FA435145F58C77F7F723E411573F534E573C1333108CC2AAC
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	60A5CE7F528CF5A621D50CCB9551C276	3735AA6B65701F52F28C5CF1BA41A3D62D3178A1	C558BF3636E6434100A3E3FD0059D8F1E01332B07039830A6AF9986C3A96F31E
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	3874942FCC9A5DA64BBCA2C01C45CC57	2E4EA65E6196CE07B3CA4F00CCF95D83466C02E6	7981A4AF429BEA106FC4C83FC2002F3A97D10F24B04BA7BE92242AA69A1EF183
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	EA24C98B482597E40D81F0BA8D57F486	8EF732015565982416AE6D9A77A3664EE189AF5E	D292C82CD5BA940334EA41ACE41280F7F6B4B36021FDB3AF2193CDA4883662E0
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qsvg.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	19BE0EFF55B5D97D869D27B8B66B0F40	FAE6C6F454E5043E9C055E50604E02E86C67835D	6D38720353B4C4CC939A2FFE5F6994BDEC6E1C0C21395CC2FC4901FEDBAD8667
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtga.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	88FEE290C428E486A78B237F4B27B7F7	7EE1BEE2A2331013BDDCE12B640F343D1E4CC7B6	3F0694463FC5C9C8507379FEA25380EFF128B7980BA964A939EE06040079E51A
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtiff.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	DDEC0C42E2DA33B514E1204F090F39C5	517BBC497C512389ADC5957F63AE55E1ADA5EEC8	DD0D13A90F057EEC23776AE550C01AEBEA06BB67CC3D895A7C87F82B24B80541
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwbmp.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	07EC2A9DB5A418C1AB1764F6D3EAABE2	8B67354F2C3A45603ABCBBB28B06A0E6555AC928	E5BCC71445A60E7A09BA773A21866C6F258B165042A75C4286E929E3BB1C4024
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwebp.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	D0F1B3F467A73EDA65563F30301AB6EF	178C1269F7B194268F4461515417DED0268AAA74	3787586DBB8D8799E39248E45D86A841FE9A140C03538ABFD0A6AEBC06992D1D
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libEGL.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	3116871B68407AE5BF93EE0C12E3ABA9	D7F19B7177C0319AA15A78EBE44BD41F741D30CE	FC01281FB4EEB4A1D6AC78548C003389C7F1A0D2DA68C788FD8BCDE8F2173339
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libGLESv2.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	517BDA35CFE0E8FFF42422D4A6395EB8	8D14E25B9F8F51F853DC9CFE9352B2C1A0D52509	9E45ED321C398DB7DDFE2897291AABBD44D89EBEDA8C0B5C215936FB5E75CD81
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libcrypto-1_1.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	9B916966173ED030B5A46B88950D63B6	07EDFA1532910ECA98C4F1CE65AC6BBD542E52A5	4B84600E4DF7F0CB178D48F8C924347BF061EA89E2B471A4F4E4C6B66C8B600A
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libssl-1_1.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	F0E5109643DF4DCEEF61DA43E46103BD	4DB740C229CE8070D85A241C218794BE3D03A0A7	30B1C92553F5A77C7AEEAFE4E33FB2F98794285ACB96165CD341D75CB3964CAC
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\msvcp140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	8722DCC7D17C563359F83FEEB946C8A2	1F6515DCFE7BA7DC2D62468CEDEB23F59E87D216	3FEBC5AA16AFFEBF4EABDEB86569914CF33A751F8C5619BC6E333EC06C4AF08A
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\opengl32sw.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	69133545C6189CADBB57D57633596E27	F2CF8448488DE0216647F2088FB5FA2DC11CAD53	054648D03FD92CCD4B374C38EF4A28BA75E2705CE2E2286CA310337F17DA4711
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	9B3211940951FE2751F878824F72097D	0E05C1C90DD8241558F83EBEE76DFC6C6E137208	130B9CACD6C35DF5AB720E34E784292692904F87412507C57CE846916378B8D2
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	7CFEB443E3A406597340A8550E08F931	E39D980A7DCC6F49B46E4FEA7ED1EF658AA929BE	6DD021143D18260FD7581952A45DF30AAE7FA37011003FCEB5BE7F3CC30D5400
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ar.qm	Qt Translation file	E7EC8B6E07D62634777DBCB47BD611D3	67B0381A54F966F59D6AB89FFBB4AAE532A5F191	820EB8876A61022B371D557EEBD83A99A3872C6E93ACBF3E98026DFCB3CE8EFB
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_bg.qm	Qt Translation file	6BCB7BF161BBE019CFAEEE7D331E3E79	03FA92B55FFBD74DAC958934C7275D32BA0ED030	47F5749032C655F8399563728B8E5591B796AABABB631D0BCA9F18D74F4ED6F0
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ca.qm	Qt Translation file	D1D7AB4DA8BC6A6097AF2DB42C9BD14E	B2465FC39E774119E4A83D7A4C62516509BEC1C0	44C6B11B0F7BF6B6423D03089BCB603DA37CB9B46BA7B10B7DC07F75FDF9708F
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_cs.qm	Qt Translation file	987E045E06AEBA29A8E05A074E6BDB91	63D1280382E5DA5EEC4FD6F94608FEC8BA5CE7B4	86E174EFF79F096D81146860DD5CA9E946C643A3464C7DA8919C972747B8DF09
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_da.qm	Qt Translation file	D541CC7F5EA2248E72D2E86CE6CBFA45	E05158572255FD30F5F118453EE6E6551D4DB6CA	423E88732439997DEB776F45F1B808F446F8023AB25FA925E949EC27724AB7E0
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_de.qm	Qt Translation file	73911D71DB30DE43F856D4EA9E911837	16E6EC19043808EB3A3D1256EF987DBF7CF126B6	AE34D874BD5A6D11A2EEE605E07A7C6DB2FFDBC998CEB8CFB7C346DD914332BB
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_en.qm	Qt Translation file	4AEF4415F2E976B2CC6F24B877804A57	2AA2D42C51F9CF024E3777F0DDE4270388FD22AE	307CEF95DD5B36FF215055D427E1885B7FC3650C9224CF76D63056545996FF60
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_es.qm	Qt Translation file	7479D957C5309AEDD4F58E4556590F69	2A1787E1F387B62421F8B0233F0119F7F0A9134A	F6A0734903BBFCD9FD447FBCFD7AD6B9BBEA50D038DC9388038C9ECFC13752A4
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_fi.qm	Qt Translation file	FF556242E6061DAC90683223351ABD61	D0AD225D3FF0E98619821B68692B996A6F68D580	D04666A656680BE2756B58CE45DB175B846C5928EB6AF62DBA841444DD10E03A
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_fr.qm	Qt Translation file	37F2AC5CF8EA04844351AE0BCF8420FB	DF28A556F02E1DA470DF5DFAA5E47E36A7BED48E	7D40EAA90D9094CE548A41482B496EC494396A82361D4F3D031756118ED042D2
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_gd.qm	Qt Translation file	FD5046C815BC3E89FB327044A29236E4	970F304BB911536E0BD8292BD72EEB575F7DFE22	D1C0717546502AB3D243487AEFB22A073A4BFF8413AD51F7A6235FC722E76C82
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_he.qm	Qt Translation file	6A8A53D365F564BE4804B3F1167186AD	ED876E836243FB6BA790DE8F709F6BFAD45D3936	19A8F435880328F9CCDA4FECDFC20BAC7AFAE589C07D0E2B5563366E908AC8E3
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_hu.qm	Qt Translation file	FD8D6145CA463351F31D6550BCBD9263	089BB437C4A41A2B54595B97FC36064789C34CCB	D8DFC2277FCF7086BDB1F22FA22EF33371F71CC2CA9C378542FF9C318197FCBE
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_it.qm	Qt Translation file	B183FE971035ADA2E95401263C79AA3B	9FA419CFA95360227A86FCC4D2ED5D946A019CB4	54BDD9856E6007B443F553F03B5B83BCA9F08595BF18D3293663517F04E89333
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ja.qm	Qt Translation file	1C0AB06B3388E79A2206CBFD28E374A2	FB94C71EE606C6CF5181840B4A6122EEFD93770B	F0EE03C9936B459CC9BDF184DF9B7EFAD98D40AB7B99E89166A42E019A0EC0EA
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ko.qm	Qt Translation file	D3EB25E0FFF5719E8840612727896B1D	58650C79B3776B87A77D816650E962DE0A96D18A	487755EB0841D47748CCBC2AB8D255CA12277DD0FB687D6DDC730982F8DA77BA
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_lv.qm	Qt Translation file	788862615B8FB13B52E4A80A8C54B3BF	802BD10E82BDEEC9596F31464C73DF371A5894CA	257D1201DA42C19C34EA0A5F0DFBBA3D438FC273A7D5B5B97CD13196E963ED28
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_pl.qm	Qt Translation file	55A6BB647E176CD4CEB5096C76B87ABF	2D43EAF76B5BAF5078066D34E2A71954F2821EF4	99A5A122DBF2E522F99F2BF83201A144E9E340D7B3DD8E16DD785A8CC79FBD69
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_ru.qm	Qt Translation file	80ADE6A2B721F7B14B91DB7EBD12DA77	7685104243E986FD50177DD7018B5788ED0D67D2	AA132ED04F8B4E19EB72A25CFF963D3F6DF8BBDC58E99F3580E9014296EAF7B2
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_sk.qm	Qt Translation file	FED9C191096819DD208E0E3E2D051170	996BA0A7A6C3C55AE7232BD8791D72472A85CA84	0144819728779D0861859F5451CD5588B2F2DEF611EDEB77B38655D62BDBDF86
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_uk.qm	Qt Translation file	9A7A0B316CF7117BF3AA928C762C33B6	4B4C06191E61FB2F94FE9256F29696EB1AE694C7	FD4A436733637CB4759CDB024F0C7D891E8075BE46F79796077180A9FF488D27
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\translations\qt_zh_TW.qm	Qt Translation file	E6B27D6F8AD2B2E090D159DAA818B1AE	AC2FACD82366860533F129039A41A414DA1317E0	17E9E4871BE60AA3D22C86FF990BC762BC81EA5690A68579EA062D8ED7F3D3D4
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\vcruntime140.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	19992D3BE23A47D38056401CFA4150F8	4BB48D6B1AE567C2A990F0103A0F58B41875FFFD	B9A2EE247159D42E2ADAF2BDE7D592F2821103BDF7066C8CBCA89EDA4135ABE0
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe	PE32 executable (GUI) Intel 80386, for MS Windows	9F1881A02F5570D1A853BBDB5A954E4B	64D8CA3600DDCCA6730AA5FA4B75D98C9C6B0920	A43DDD5594F5D01F6B4BD422D5A7E1DA52401D7A2B9F6DE4B7DB78294FFC20A4
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\api.json	Unicode text, UTF-8 text, with very long lines (55810), with no line terminators	3A067647839DD2EB52525B44F88BF3F7	4DFDA537C0ECCB7CE174BB1E6C1C2C5BF7BC13EB	9D9C64C7FF707D8E599D02A479F81C1064177E8258B1280E5358B0AD8FD35201
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\package.json	JSON data	58BCB66755C7D08196E6B3FCE44E1B99	4E0E786D95C07A245234B8339E1E703666BAB4AC	9ABC0BFBF66C655D3924C9EBB2A59CDF5DE5206E023570CE274A9F2B12042C73
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\dark.css	assembler source, ASCII text	82CC3B0068AE0B621FC747C2F04150CE	4EF06E2C43F3206542B04C2BFF8D408DFCF318A6	EF8CD52056FB4F1F6099365FB97A1FF8DFF6EE66F3A9BA9FE4C15CDBFB49C17D
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\green.css	assembler source, ASCII text	26C65A9F2931229B669274EB5D162B20	D88A68BD60DF0959DA99EDA3EFD2328A00C5629A	85CA63FB68FDEF9572FDFC65A838C9E799A1046A282056832C8EAE044C2F8E9C
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\highlightjs.css	ASCII text	70A3004852A746F6289751BB3DEB4621	217201B42E3FFE9A1AF2EF09636146E561D0713B	30ED1D287A120FD5D6A136A41B36A642C51E9442044532B372C5B4CDAC22350C
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\pink.css	assembler source, ASCII text	B797C17D4464CB9F7320849A2F2DF0E3	AFCF3EB27E028F58EB640F1C65C0C5AD3D7D4855	3B331A31E84726CEA2CF3774BCD881720435A0B134D78139CEF0D3127DD85888
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\red.css	assembler source, ASCII text	D6945271475CDAEA61CD4F55312FD5EF	F9B37FA7003438C7B0178E6D584EC9518F75B288	116980E51B28F575A911526E65A253B95E0A4C280668889BC8AE23A36FEF48D7
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\wisteria.css	assembler source, ASCII text	379BAD3F8BB4330DCEEC4F0CD28E72AC	A33F8A4E8E12B3D91F3C9CAEA41D388F214F5D38	49BF57D12101FB6DCD9F2D2504AA589E4E5D452959BB2874640945516D68479E
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\easysoft-themes\themes\zentao.css	assembler source, ASCII text	0805D4FB50511E4A92FCC25233CD8EF2	29CB7ACB94ECF0007381FE29EDE931278D9307C5	7E2E1DA9F8098C8E64D2E69F6367CBD137800E301B924B7381E2B29ACE9E7A47
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\extensions.json	JSON data	F2FF8E7C17ED752A0CC3D7F0C706329C	5B80A695228648D1E780956BA00612C51CCFD957	128BEBC7A57424EE81995C3FE14AD961050BD1697229951AD97324A5C679BC66
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\ts-icons\icons.png	PNG image data, 238 x 204, 8-bit colormap, non-interlaced	8B5C644A25308EC12DE89BEE5A6821B3	858A2DA7E1B272F1BC5A16A49A6F12DACFC92C42	A3A7E570A4634E3987A7F2042ED8B851958BFF4569A831F8E12C50B070835038
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\ts-icons\icons@2x.png	PNG image data, 476 x 408, 8-bit colormap, non-interlaced	5EB5D20752E8AA2CA0A5A4AE7F0C737D	E705B21493C503B13B6393429F4C1136A05675CD	9265406EE65994AB73CC2D41899F5124D34C093D41CBF4F91EF2CD04912524A5
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\ts-icons\style.css	ASCII text	070A9C75FC988845B69C30580AE38BF1	A10BF1258219350F466C4155DC6BCA96FE6E6701	0EE25B392320BB39668CB3098C0100E722C13443C441B166EA58B28C3ED4424B
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe	PE32 executable (console) Intel 80386, for MS Windows	B914A879980028752D7BA8ABC9163708	9F79ACCAB5AB912C7F8D47E998224D482C38883E	0E6487316ADCC6E52300BA80F49237940BBE063C8EF18A97A07BC4B01F08556C
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\en.json	JSON data	9F3085AD418F3DE3E4186DB6AED5100D	112B0B4B455B81DCCB7A998C0DA2F723FCD8E633	3757A066B973D20C90B0B988096CAC8567F0D3D3B6B536572E473FB07A6AF6AD
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\ja.json	JSON data	7798F2B70259224F06F3C277ABDED062	DA861F2EA3006F5E97AEEBF1D6D7AFA2ED49420B	3AE0C3438B27E5B60D739B2EEF0A3AF418E9A19AB7052D02C95251900055B598
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\vi.json	JSON data	F8840DFC1EF6880A2F793F3179B8432F	0083D4E6629FA6117348130BB3DF92A463819775	608378E2F44334ED95E19A05542F14E542FC4DE662A63C7EDA0085BDB63CE765
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\zh-cn.json	JSON data	CC43E79EF29F4D95A7111B19B39D057B	3920B53F7F6E3CCA696D2EFD8FD429585E746014	2B3294315E5692A41F61A1D61F2534641E0F25356CE44A25DA52622EC94BEEDC
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\zh-tw.json	JSON data	605D89A690B7A14CB6927A28A42CB342	7ACE9ADEA77EBD5A2F5B93BF1ECF6C30F8BB8B5E	F8EC562D0690405E3696684478D2631688F2A3A2268AF48420E2A9C5F43E5DB9
C:\Users\user\AppData\Local\Programs\zentaoclient\snapshot_blob.bin	data	AD4B5EDDCFA0A283FA0AF0592DD4625D	175C232B6FBFAEFFA24344B876BC839F0920D395	3850B3E025566F8AF7F6F26A1CDD363340E0AE0C936FB48547221AEE967D3D0D
C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libEGL.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	F4F7C338F1EDBA8C21699DE3D59DE84D	BF8A4BAE9ED120F3BA5F692D28300A7999CDB2DE	BEB21DB6E3793EFA3EE04F79D30427A2E9B163979558A5A0B51D5F26BD25055C
C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libGLESv2.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	8501FA409502A3C9980C16616D3016F4	27C1111A38807FCF1137A9D918BEFD1DAC84FA8F	45DE4C6817B7F804E2296633034791C89E5C244FFFD9583AD452BE3E7A4FA2BE
C:\Users\user\AppData\Local\Programs\zentaoclient\v8_context_snapshot.bin	data	E082A9FFD52E98B00E501E934A7E9D8D	21746F70466633F881581D9BEE651619D8B4B109	08058FF9086099965041D0E85E8847704C624BAF689EC3BB6A041E7776332520
C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	07B7E5F876BE24DB5926361E4F30AA30	195D213E6AB7E13F8AA0307E607290F9FDE94541	7B5039481DBAF2F9DFA06F2AF4A1B03FEABD14BD625DFB1C569B443982F744BB
C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader_icd.json	JSON data	8642DD3A87E2DE6E991FAE08458E302B	9C06735C31CEC00600FD763A92F8112D085BD12A	32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
C:\Users\user\AppData\Local\Programs\zentaoclient\vulkan-1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	471D474B6B65D40860913413A3F9580B	5CE87421979DE2ED46267FA737051AD48C328E97	6DA50DF77A4F685287A9729069F58E18DB5F4E28D5579F5B9AD24153B85DBF6F
C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe	PE32+ executable (GUI) x86-64, for MS Windows	7332992028A2C1F3CE747C62254B38E7	ADD6422C181982BD8F62E74A03B73E1D13DDB4B8	309D776F02E2CA9AF266262754A418C6D3A8E5AC1007BC7579329A403910F6F3
C:\Users\user\AppData\Local\Temp\0f457d21-17bf-4e03-aa1f-a1ac32949cc3.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 6239690	63A887D1C41C3E9220DB5EC6D994C34F	3B05A0D38DF915D2E4AA803FD429CDDC2F5FEEB8	4E191C97FD1A3B9A3161EF245BB900D85E71D589E74B570E4DD265674F4AC455
C:\Users\user\AppData\Local\Temp\3c5de39b-cfee-451d-a162-8917bb0017fa.tmp.ico	MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128 with PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	DEB10B95490C85A00AFE6FFE80F273AB	6CF3D816D8B1455D81713FE731C844C9F6E15BEE	6D82D60633C58F1B46010D0F684A3048EE6E08F9D7DE347CC3924893F94E0442
C:\Users\user\AppData\Local\Temp\81405a77-03fb-46fd-8a8d-32b4d884656f.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 32708	ADEDE569BAB371804A21BC22358DAC1D	8691CB3E349853CB990328FECD2AACDB33BC995D	8A2266A06992D3BC70B63322D7AB60F647F3E2DB0B0860CCD9A05748A5D95D78
C:\Users\user\AppData\Local\Temp\9e243358-8547-4f17-9223-a41ff30e3313.tmp.ico	MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128 with PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced, 32 bits/pixel	62B9D37B7C240037F960EF63667464A4	E9E7D02C2C172F0D424B2C98B814E03C20C4D4E2	B106FA01391560F943CB121A92D26CEF7D1EBCB1603AB003EF803D767460F22B
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\StdUtils.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	C6A6E03F77C313B267498515488C5740	3D49FC2784B9450962ED6B82B46E9C3C957D7C15	B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0D7AD4F45DC6F5AA87F606D0331C6901	48DF0911F0484CBE2A8CDD5362140B63C41EE457	3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\UAC.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	ADB29E6B186DAA765DC750128649B63D	160CBDC4CB0AC2C142D361DF138C537AA7E708C9	2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\WinShell.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	1CC7C37B7E0C8CD8BF04B6CC283E1E56	0B9519763BE6625BD5ABCE175DCC59C96D100D4C	9BE85B986EA66A6997DDE658ABE82B3147ED2A1A3DCB784BB5176F41D22815A6
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\app-64.7z	7-zip archive data, version 0.4	8275CAB0CEB25B268B1558971390E10B	F64097A9FB5CB30F5C9CB925B8BE0182ACDC4178	64B55751B04A56F10F44417BA0FF3B3D87F25FB4163752BE823F32D8EE8DE826
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\modern-wizard.bmp	PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154490, resolution 11808 x 11808 px/m, cbSize 154544, bits offset 54	52FF52EEE3B944B862C11C268A02C196	8D041966E6FBA10AA5E10CE5DC1DC5175F11B2FE	2079F7A3EBA60E0D9EE827A7208AA052A71B384873B641DE5E299AEB8E733109
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsDialogs.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	466179E1C8EE8A1FF5E4427DBB6C4A01	EB607467009074278E4BD50C7EAB400E95AE48F7	1E40211AF65923C2F4FD02CE021458A7745D28E2F383835E3015E96575632172
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsProcess.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	F0438A894F3A7E01A4AAE8D1B5DD0289	B058E3FCFB7B550041DA16BF10D8837024C38BF6	30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsis7z.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	80E44CE4895304C6A3A831310FBF8CD0	36BD49AE21C460BE5753A904B4501F1ABCA53508	B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	DF0DAAE26FB3F58A6B9CE4D144A81B48	38E41AB0E2712F7762C6D8B56892362CBB1B6744	EE9C745EC13FB4389968431701FECABAA3FD85F607E694E0D8747703A60FE0DC
C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe:Zone.Identifier	ASCII text, with CRLF line terminators	187F488E27DB4AF347237FE461A079AD	6693BA299EC1881249D59262276A0D2CB21F8E64	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.acl	Unicode text, UTF-16, little-endian text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.dic	Unicode text, UTF-16, little-endian text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.exc	Unicode text, UTF-16, little-endian text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Apr 18 16:34:30 2024, mtime=Thu Apr 18 16:34:31 2024, atime=Thu Apr 11 00:35:40 2024, length=136137616, window=hide	7FC6ED7DE491181FD835A1B57916D4D9	715C3C0A473537512F4D4718145C671C8EF8A2AC	A63E2B6F08FF4B7A7CB56FD0AE66D09DE152A097C4D87B32C9DF17C82359558F
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\js\index	data	54CB446F628B2EA4A5BCE5769910512E	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\js\index-dir\temp-index	data	12A48437CAB10826135AF742834EB853	7AB672465B8CAAE6302F9D687397CD2442FF7A54	56B8E8868F56DE308CC1841D64DC015AD70224CABE5D24D237DE7A13AC4BF100
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\js\index-dir\the-real-index (copy)	data	12A48437CAB10826135AF742834EB853	7AB672465B8CAAE6302F9D687397CD2442FF7A54	56B8E8868F56DE308CC1841D64DC015AD70224CABE5D24D237DE7A13AC4BF100
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\wasm\index	data	54CB446F628B2EA4A5BCE5769910512E	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\wasm\index-dir\temp-index	data	12A48437CAB10826135AF742834EB853	7AB672465B8CAAE6302F9D687397CD2442FF7A54	56B8E8868F56DE308CC1841D64DC015AD70224CABE5D24D237DE7A13AC4BF100
C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\wasm\index-dir\the-real-index (copy)	data	12A48437CAB10826135AF742834EB853	7AB672465B8CAAE6302F9D687397CD2442FF7A54	56B8E8868F56DE308CC1841D64DC015AD70224CABE5D24D237DE7A13AC4BF100
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Roaming\zentaoclient\GPUCache\index	FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0	3B405E83D9E94674FF6BB4668B5C11B7	0C8A82660F057A24EEA95E01C416880528EBC3F8	F8A3A50BC8D322B08111DACC8B895C87C59FE4C4A71AB72FBD3E52B653D99F5E
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\000003.log	data	CBEF97F4691DF0AE901CB4338154C201	EB59492BDF65692BC849F3C6C124295DE0C40AC4	F0A7EAD5FDC7BBC94C33874338D06FBEFC4794448942A61CF0FB7B2E982C7F3E
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\LOG	ASCII text	A1851A360DCB6C52DBA15F0376DD654E	A8AD78DE75ED86538AAEB79157069083D791EF4E	9B1340743058C2F27D4C3212682B69B87729E7B4E0F433232CE266ECACDDA6AC
C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Roaming\zentaoclient\Network Persistent State (copy)	JSON data	2800881C775077E1C4B6E06BF4676DE4	2873631068C8B3B9495638C865915BE822442C8B	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
C:\Users\user\AppData\Roaming\zentaoclient\Preferences (copy)	JSON data	329622F40165883B656ABAB0D93674C4	DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87	2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\000003.log	data	AE4A79D7ECD0EAB951B91C3FF1F6B248	CBD57A395614C3CDA8BEC12B10761B5638125030	DAE52D6A582B8B6EA53B9C875DEF1BE23915291581B9EE59D39625AB60963F0A
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\LOG	ASCII text	93E757F23CF77A5E1BEE1D2663F5A112	EF984861237055C6ED6B4030481DA1974C4E6305	ECFDC86543F658EBF10A033350B73019887A56EE317769669225C20577F68699
C:\Users\user\AppData\Roaming\zentaoclient\Session Storage\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Roaming\zentaoclient\a40a4cd2-efa3-4554-8d9c-b29689e538c2.tmp	JSON data	329622F40165883B656ABAB0D93674C4	DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87	2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
C:\Users\user\AppData\Roaming\zentaoclient\c6479286-c23a-4895-9dc7-464f55ab4adf.tmp	JSON data	2800881C775077E1C4B6E06BF4676DE4	2873631068C8B3B9495638C865915BE822442C8B	226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
C:\Users\user\Desktop\??.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Apr 18 16:34:30 2024, mtime=Thu Apr 18 16:34:37 2024, atime=Thu Apr 11 00:35:40 2024, length=136137616, window=hide	C2491672226D031C0FEC695471DC9E82	F6E79907E6A6A274F46BBB50C22512392DF92B7E	21BF5B5E223B9262AB9DCAE339FB251C88B3DFCC98B56192B52C436157C662EE

Windows Analysis Report SecuriteInfo.com.Heur.21832.3236.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
SecuriteInfo.com.Heur.21832.3236.exe