Windows Analysis Report
SecuriteInfo.com.Heur.21832.3236.exe

Overview

General Information

Sample name: SecuriteInfo.com.Heur.21832.3236.exe
Analysis ID: 1428295
MD5: df0daae26fb3f58a6b9ce4d144a81b48
SHA1: 38e41ab0e2712f7762c6d8b56892362cbb1b6744
SHA256: ee9c745ec13fb4389968431701fecabaa3fd85f607e694e0d8747703a60fe0dc
Tags: exe

Detection

Score: 5
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Compliance

Score: 34
Range: 0 - 100

Signatures

Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Enables security privileges
Found dropped PE file which has not been started or loaded
Installs a raw input device (often for capturing keystrokes)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample searches for specific file, try point organization specific fake files to the analysis machine
Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook
  • System is w10x64
  • zentaoclient.exe (PID: 3448 cmdline: "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" MD5: 7332992028A2C1F3CE747C62254B38E7)
    • zentaoclient.exe (PID: 6192 cmdline: "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2 MD5: 7332992028A2C1F3CE747C62254B38E7)
    • zentaoclient.exe (PID: 6508 cmdline: "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8 MD5: 7332992028A2C1F3CE747C62254B38E7)
    • zentaoclient.exe (PID: 6276 cmdline: "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1 MD5: 7332992028A2C1F3CE747C62254B38E7)
    • zentaoclient.exe (PID: 5436 cmdline: "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1 MD5: 7332992028A2C1F3CE747C62254B38E7)
    • zenshot.exe (PID: 6344 cmdline: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe MD5: 9F1881A02F5570D1A853BBDB5A954E4B)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; EXE: C:\Users\user\AppData\Local\zentaoclient-updater\installer.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; EXE: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe

Compliance

Source: SecuriteInfo.com.Heur.21832.3236.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; File created: C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSE.electron.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe; Static PE information: certificate valid
Source: SecuriteInfo.com.Heur.21832.3236.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: electron.exe.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000780B000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdbj source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; Code function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe; File opened: C:\Users\user\AppData\Local\Programs\zentaoclient\locales
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/772651
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/797243
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/809422
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/830046
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/849576
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/883276
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/927470
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/941620
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/941620allow_translate_uniform_block_to_structured_bufferThere
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://creativecommons.org/licenses/MIT/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://daniel.zelisko.net
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dev.w3.org/csswg/css-color/#hwb-to-rgb
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://devel.freebsoft.org/speechd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://developers.google.com/speed/webp
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dom.spec.whatwg.org/#dom-domimplementation-hasfeature
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dom.spec.whatwg.org/#dom-node-comparedocumentposition
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dominictarr.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-patterns).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-tolength).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://encoding.spec.whatwg.org/#big5-encoder
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://esprima.org)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/commonnode-set../../third_party/blink/renderer/core/xml/xslt_extensions.ccxsltNewSe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://facebook.github.io/react/)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://facebook.github.io/react/docs/error-decoder.html?invariant=
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://fb.me/prop-types-in-prod
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://fb.me/use-check-prop-types
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://fedorahosted.org/lohit>
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://feedic.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://feross.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ghinda.net/jpeg-blob-ajax-android/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/Raynos/to-array/raw/master/LICENSE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/danielzzz/node-ping
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/dominictarr/config-chain
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/gperftools/gperftools
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/kriskowal/mr)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/sctplab/usrsctp
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/0ejHHW
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://google.github.io/snappy/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://hertzen.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007075000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF774D3C000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://html4/loose.dtd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxon
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icu-project.org/docs/papers/gb18030.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://img.shields.io/npm/dm/socket.io-client.svg?style=flat)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://isrc.ifpi.org/en/isrc-standard/code-syntax
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/173636783
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://jsperf.com/1-vs-infinity
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://jsperf.com/copy-array-inline
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://jsperf.com/emptying-a-node
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://jsperf.com/hashing-strings
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://jsperf.com/key-exists
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://jsperf.com/key-missing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://jsperf.com/obj-vs-arr-iteration
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://jsperf.com/uncurrythis
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://juliangruber.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcode>
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://llvm.org/):
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://marijnhaverbeke.nl/git/acorn
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://me.abelcheung.org/articles/research/what-is-cp951/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://modernizr.com/docs/#prefixed)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://moztw.org/docs/big5/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsURLParsers.cpp
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://n8.io/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://narwhaljs.org)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://npmjs.org)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000000.1732463402.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000040A000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.org/licenses/bsd-license.php
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://promises-aplus.github.com/promises-spec/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://schema.org/docs/gs.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://slack.socket.io)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/prev/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/prevAll/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/prevUntil/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/remove/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/removeAttr/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/removeClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/replaceWith/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/serialize/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/serializeArray/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/siblings/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/slice/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/toggleClass/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/unwrap/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/wrap/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/wrapAll/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.jquery.com/wrapInner/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://badge.fury.io/js/socket.io-client.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beautifier.io/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://bit.ly/audio-worklet)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://bit.ly/audio-worklet)ScriptProcessorHandler::ProcessScriptProcessorHandler::Process
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/gutworth/six/commits/tag/1.10.0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlaudio
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blogs.office.com/2013/04/17/outlook-com-gets-two-step-verification-sign-in-by-alias-and-new-
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=608416
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10704
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3056
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=4118
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.jquery.com/ticket/13393
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.jquery.com/ticket/4833
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1276240
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=162431
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=208427
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=310299
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=912470#c31
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.android.clients.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.bigcache.googleapis.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.doc-0-0-sj.sj.googleusercontent.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.docs.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.drive.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.googlesyndication.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.pack.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.play.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.youtube.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cheerio.js.org#loading
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cheerio.js.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstorehttps://clients2.google.com/service/update2/crx/detail/sb-ssl.goog
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/4735925877735424
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/5436853517811712
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=355103
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/sctp-refimpl/source/browse/trunk/COPYRIGHT)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#clear
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#table
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1042393
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1046462
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://crbug.com/1053756
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://crbug.com/1053756ICE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1091824
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1137851
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://crbug.com/1144908
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://crbug.com/1144908.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://crbug.com/1144908.The
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://crbug.com/1144908Changing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1154140
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/593024
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/593024select_view_in_geometry_shaderThe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/650547
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/650547call_clear_twiceUsing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/655534
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/655534use_system_memory_for_constant_buffersCopying
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/705865
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/710443
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/811661
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://crbug.com/824383
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/824647
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/882238.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119../../third_party/blink/renderer/core/script/script_loader.ccPrepareScriptEx
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/954323
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/981419
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/v8/7848
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://creativecommons.org/licenses/by-sa/4.0/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: zentaoclient.exe, 00000005.00000000.2033367173.00007FF774CAC000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://cs.chromium.org/chromium/src/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://david-dm.org/socketio/socket.io-client#info=devDependencies)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://david-dm.org/socketio/socket.io-client)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://david-dm.org/socketio/socket.io-client.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://david-dm.org/socketio/socket.io-client/dev-status.svg)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/darrachequesne/has-binary/issues/7))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/config-chain.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dpranke/pyjson5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dustingetz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/editorconfig/editorconfig-core-js#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/electron/electron/issues
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/electron/electron/issues/18397.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/electron/electron/issues/18397.Loading
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/electron/electron/issues/18397.Module
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/electron/electron/tree/v$
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/flow/blob/master/lib/core.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/immutable-js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/jest#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/jest.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react-native/pull/1632
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/issues/1698
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/issues/3236).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/issues/6887
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/issues/708.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/issues/7233
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/issues/7240
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/pull/6896
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/pull/7101
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/pull/7178
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/react/pull/7232
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/DomHandler#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/boolbase
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/boolbase)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/boolbase.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/css-select#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/css-select/pull/43#issuecomment-225414692
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/css-what#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/css-what.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/domelementtype#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/domhandler#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/domhandler?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/domutils#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/domutils?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/entities#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/entities?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/htmlparser2#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/htmlparser2?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/nth-check
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/nth-check.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fb55/nth-check?sponsor=1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/get/parseuri
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/get/parseuri.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/get/querystring
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/get/querystring.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gimdongwoo)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/repairES5.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/startSES.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/desugar_jdk_libs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/private-join-and-compute
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/protobuf
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/re2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/ruy
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/securemessage
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/shaderc
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/shell-encryption
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/ukey2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/woff2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/wuffs
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gotwarlost/istanbul/blob/master/ignoring-code-for-coverage.md#ignoring-code-for-c
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inikulin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inikulin)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inikulin/parse5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inikulin/parse5/issues/97#issuecomment-171940774)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inikulin/parse5/tree/master/scripts/generate-named-entity-data/README.md)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inikulin/parse5/tree/master/scripts/generate_named_entity_data/README.md
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inikulin/parse5/tree/master/scripts/generate_named_entity_data/README.md)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/abbrev-js#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/color-support.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/fs.realpath#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/fs.realpath.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/inflight
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/inherits#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/ini#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minimatch#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-glob#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-glob/issues/167
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-glob/issues/205
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-lru-cache#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/once#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/proto-list#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/proto-list.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/pseudomap#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/pseudomap.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/sigmund#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/yallist#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/yallist.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyeecheung/node-dep-codemod#dep005)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery/blob/2.1.3/src/manipulation/var/rcheckableType.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery/blob/2.1.3/src/serialize.js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery/blob/3.6.0/AUTHORS.txt
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/sizzle
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L139
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L152
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jsdevkr/react-chatview#readme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jsdevkr/react-chatview.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/juliangruber/balanced-match
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/juliangruber/brace-expansion
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/juliangruber/isarray
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/kriskowal
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/kriskowal/q
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/kriskowal/q/blob/v1/LICENSE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/kriskowal/q/wiki/API-Reference
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/leebyron
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lodash/lodash
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lodash/lodash.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/pump
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/marijnh/acorn.git
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inselect
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intable
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intbody
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intd
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intr
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#special
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#tag-name-state
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#tag-open-state
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jquery.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jquery.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jquery.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jquery.org/license
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://js.foundation/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jsoneditoronline.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jsperf.com/object-keys-vs-for-in-with-closure/3
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lodash.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lodash.com/icon.svg
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lodash.com/license
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-unicode).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mdn.io/Structured_clone_algorithm)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mths.be/punycode
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mths.be/utf8js
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://no-color.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/stream.html#stream_decoding_buffers_in_a_writable_stream
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v14.16.0/node-v14.16.0-headers.tar.gz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v14.16.0/node-v14.16.0.tar.gz
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v14.16.0/node-v14.16.0.tar.gzhttps://nodejs.org/download/release
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.000000000700A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v14.16.0/win-x64/node.lib
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspector
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npmjs.org/package/iniparser
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npmjs.org/package/minimatch
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://openjsf.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pagure.io/lohit
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-tolength
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://play.google.com/billing
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://play.google.com/billingQuota
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ponyfill.com/)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://promisesaplus.com/#point-48
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://promisesaplus.com/#point-54
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://promisesaplus.com/#point-57
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://promisesaplus.com/#point-59
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://promisesaplus.com/#point-61
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://promisesaplus.com/#point-64
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://promisesaplus.com/#point-75
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://quiche.googlesource.com/quiche
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/dominictarr/config-chain/master/LICENCE
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://reactjs.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000002.2053376524.000000000041E000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1895509910.0000000003300000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968503333.0000000005AB0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1968762380.0000000005C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://secure.travis-ci.org/substack/node-concat-map.png)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://semver.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sizzlejs.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://skia.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/project/?group_id=1519
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000075F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2045
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2046
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2152
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2822#appendix-A.1.2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3339#section-5.6
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492)
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc4007#section-11
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5280#section-4.2.1.13
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5280#section-5.2.7.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6455#section-9.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6657).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6960
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-3.1.1.1
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-3.1.1.5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://underscorejs.org
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/manifest/#installability-signals
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/manifest/#installability-signalsVideoFrameProviderClientImpl::StartRenderingVi
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webrtc.org/web-apis/chrome/unified-plan/.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.ecmascript.org/doku.php?id=harmony:egal).
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000777B000.00000004.00001000.00020000.00000000.sdmp, zentaoclient.exe, 00000005.00000000.2033367173.00007FF775344000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://www.bluetooth.com/specifications/gatt/characteristics
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971322469.00000000066A0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_b2c9f445-0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Code function: 0_2_030910D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Code function: 0_2_00406B15
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Code function: 0_2_004072EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Code function: 0_2_00404C9E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Process token adjusted: Security
Source: updater.win64.exe.0.dr Static PE information: Number of sections : 11 > 10
Source: zentaoclient.exe.0.dr Static PE information: Number of sections : 12 > 10
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameQt5Gui.dll( vs SecuriteInfo.com.Heur.21832.3236.exe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs SecuriteInfo.com.Heur.21832.3236.exe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename: vs SecuriteInfo.com.Heur.21832.3236.exe
Source: SecuriteInfo.com.Heur.21832.3236.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: clean5.winEXE@12/188@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Code function: 0_2_00402104 CoCreateInstance
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe File created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\AtomProcessSingletonStartup!
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Mutant created: \Sessions\1\BaseNamedObjects\f3057352-10e3-53a8-8e7d-c7f226474698
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe File created: C:\Users\user\AppData\Local\Temp\nsk192.tmp
Source: SecuriteInfo.com.Heur.21832.3236.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.0000000007665000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe "C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe"
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe Process created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exeProcess created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
Section loaded: uxtheme.dll
Section loaded: userenv.dll
Section loaded: apphelp.dll
Section loaded: propsys.dll
Section loaded: dwmapi.dll
Section loaded: cryptbase.dll
Section loaded: oleacc.dll
Section loaded: ntmarta.dll
Section loaded: version.dll
Section loaded: shfolder.dll
Section loaded: kernel.appcore.dll
Section loaded: windows.storage.dll
Section loaded: wldp.dll
Section loaded: iconcodecservice.dll
Section loaded: windowscodecs.dll
Section loaded: secur32.dll
Section loaded: sspicli.dll
Section loaded: profapi.dll
Section loaded: riched20.dll
Section loaded: usp10.dll
Section loaded: msls31.dll
Section loaded: textinputframework.dll
Section loaded: coreuicomponents.dll
Section loaded: coremessaging.dll
Section loaded: wintypes.dll
Section loaded: wintypes.dll
Section loaded: wintypes.dll
Section loaded: textshaping.dll
Section loaded: windows.staterepositoryps.dll
Section loaded: windows.fileexplorer.common.dll
Section loaded: iertutil.dll
Section loaded: linkinfo.dll
Section loaded: ntshrui.dll
Section loaded: srvcli.dll
Section loaded: cscapi.dll
Section loaded: sxs.dll
Section loaded: onecorecommonproxystub.dll
Section loaded: onecoreuapcommonproxystub.dll
Section loaded: msasn1.dll
Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
Section loaded: ffmpeg.dll
Section loaded: uiautomationcore.dll
Section loaded: dbghelp.dll
Section loaded: msimg32.dll
Section loaded: winmm.dll
Section loaded: iphlpapi.dll
Section loaded: version.dll
Section loaded: userenv.dll
Section loaded: dwrite.dll
Section loaded: secur32.dll
Section loaded: winhttp.dll
Section loaded: dhcpcsvc.dll
Section loaded: propsys.dll
Section loaded: sspicli.dll
Section loaded: cryptbase.dll
Section loaded: powrprof.dll
Section loaded: umpdc.dll
Section loaded: uxtheme.dll
Section loaded: mswsock.dll
Section loaded: ntmarta.dll
Section loaded: kbdus.dll
Section loaded: kernel.appcore.dll
Section loaded: windows.storage.dll
Section loaded: wldp.dll
Section loaded: nlaapi.dll
Section loaded: dhcpcsvc6.dll
Section loaded: dnsapi.dll
Section loaded: textinputframework.dll
Section loaded: coreuicomponents.dll
Section loaded: coremessaging.dll
Section loaded: wintypes.dll
Section loaded: wintypes.dll
Section loaded: wintypes.dll
Section loaded: windows.ui.dll
Section loaded: windowmanagementapi.dll
Section loaded: inputhost.dll
Section loaded: twinapi.appcore.dll
Section loaded: twinapi.appcore.dll
Section loaded: profapi.dll
Section loaded: wtsapi32.dll
Section loaded: winsta.dll
Section loaded: mscms.dll
Section loaded: coloradapterclient.dll
Section loaded: mmdevapi.dll
Section loaded: devobj.dll
Section loaded: iconcodecservice.dll
Section loaded: windowscodecs.dll
Section loaded: dwmapi.dll
Section loaded: dataexchange.dll
Section loaded: d3d11.dll
Section loaded: dcomp.dll
Section loaded: dxgi.dll
Section loaded: windows.globalization.dll
Section loaded: bcp47langs.dll
Section loaded: bcp47mrm.dll
Section loaded: twinapi.dll
Section loaded: atlthunk.dll
Section loaded: oleacc.dll
Section loaded: directmanipulation.dll
Section loaded: msspellcheckingfacility.dll
Section loaded: onecoreuapcommonproxystub.dll
Section loaded: explorerframe.dll
Section loaded: apphelp.dll
Section loaded: ffmpeg.dll
Section loaded: uiautomationcore.dll
Section loaded: dbghelp.dll
Section loaded: msimg32.dll
Section loaded: winmm.dll
Section loaded: iphlpapi.dll
Section loaded: version.dll
Section loaded: userenv.dll
Section loaded: dwrite.dll
Section loaded: secur32.dll
Section loaded: winhttp.dll
Section loaded: dhcpcsvc.dll
Section loaded: propsys.dll
Section loaded: sspicli.dll
Section loaded: cryptbase.dll
Section loaded: powrprof.dll
Section loaded: umpdc.dll
Section loaded: uxtheme.dll
Section loaded: mswsock.dll
Section loaded: kernel.appcore.dll
Section loaded: dxgi.dll
Section loaded: resourcepolicyclient.dll
Section loaded: mf.dll
Section loaded: mfplat.dll
Section loaded: rtworkq.dll
Section loaded: msmpeg2vdec.dll
Section loaded: mfperfhelper.dll
Section loaded: cryptsp.dll
Section loaded: dxva2.dll
Section loaded: msvproc.dll
Section loaded: d3dcompiler_47.dll
Section loaded: d3dcompiler_47.dll
Section loaded: ddraw.dll
Section loaded: dciman32.dll
Section loaded: dwmapi.dll
Section loaded: comppkgsup.dll
Section loaded: mfh264enc.dll
Section loaded: dcomp.dll
Section loaded: windows.media.dll
Section loaded: ffmpeg.dll
Section loaded: uiautomationcore.dll
Section loaded: dbghelp.dll
Section loaded: msimg32.dll
Section loaded: winmm.dll
Section loaded: iphlpapi.dll
Section loaded: version.dll
Section loaded: userenv.dll
Section loaded: dwrite.dll
Section loaded: secur32.dll
Section loaded: winhttp.dll
Section loaded: dhcpcsvc.dll
Section loaded: propsys.dll
Section loaded: sspicli.dll
Section loaded: cryptbase.dll
Section loaded: powrprof.dll
Section loaded: umpdc.dll
Section loaded: uxtheme.dll
Section loaded: mswsock.dll
Section loaded: ntmarta.dll
Section loaded: kbdus.dll
Section loaded: nlaapi.dll
Section loaded: dhcpcsvc6.dll
Section loaded: dnsapi.dll
Section loaded: rasadhlp.dll
Section loaded: ffmpeg.dll
Section loaded: uiautomationcore.dll
Section loaded: dbghelp.dll
Section loaded: msimg32.dll
Section loaded: winmm.dll
Section loaded: iphlpapi.dll
Section loaded: version.dll
Section loaded: userenv.dll
Section loaded: dwrite.dll
Section loaded: secur32.dll
Section loaded: winhttp.dll
Section loaded: dhcpcsvc.dll
Section loaded: propsys.dll
Section loaded: sspicli.dll
Section loaded: cryptbase.dll
Section loaded: powrprof.dll
Section loaded: umpdc.dll
Section loaded: uxtheme.dll
Section loaded: mswsock.dll
Section loaded: kernel.appcore.dll
Section loaded: dhcpcsvc6.dll
Section loaded: dnsapi.dll
Section loaded: napinsp.dll
Section loaded: pnrpnsp.dll
Section loaded: wshbth.dll
Section loaded: nlaapi.dll
Section loaded: winrnr.dll
Section loaded: ffmpeg.dll
Section loaded: uiautomationcore.dll
Section loaded: dbghelp.dll
Section loaded: msimg32.dll
Section loaded: winmm.dll
Section loaded: propsys.dll
Section loaded: iphlpapi.dll
Section loaded: version.dll
Section loaded: userenv.dll
Section loaded: dwrite.dll
Section loaded: secur32.dll
Section loaded: winhttp.dll
Section loaded: dhcpcsvc.dll
Section loaded: sspicli.dll
Section loaded: cryptbase.dll
Section loaded: powrprof.dll
Section loaded: umpdc.dll
Section loaded: uxtheme.dll
Section loaded: mswsock.dll
Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: qt5widgets.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: qt5gui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: qt5network.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: qt5core.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: qt5gui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: qt5core.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: qt5core.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: qt5core.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: qt5svg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: ??.lnk.0.drLNK file: ..\..\..\..\..\Local\Programs\zentaoclient\zentaoclient.exe
Source: ??.lnk0.0.drLNK file: ..\AppData\Local\Programs\zentaoclient\zentaoclient.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeAutomated click: Next >
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeAutomated click: Install
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3057352-10e3-53a8-8e7d-c7f226474698Jump to behavior
Source: SecuriteInfo.com.Heur.21832.3236.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.Heur.21832.3236.exeStatic file information: File size 86971128 > 1048576
Source: SecuriteInfo.com.Heur.21832.3236.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: electron.exe.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.000000000780B000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\work\mesa\git\mesa\build\windows-x86\gallium\targets\libgl-gdi\opengl32.pdbj source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp
Source: d3dcompiler_47.dll.0.drStatic PE information: 0xF3329C94 [Sat Apr 18 07:26:12 2099 UTC]
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeCode function: 0_2_030910D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,0_2_030910D0
Source: ffmpeg.dll.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.0.drStatic PE information: section name: _RDATA
Source: updater.win64.exe.0.drStatic PE information: section name: /4
Source: updater.win64.exe.0.drStatic PE information: section name: /18
Source: updater.win64.exe.0.drStatic PE information: section name: /30
Source: updater.win64.exe.0.drStatic PE information: section name: /43
Source: updater.win64.exe.0.drStatic PE information: section name: /59
Source: updater.win64.exe.0.drStatic PE information: section name: /75
Source: updater.win64.exe.0.drStatic PE information: section name: /90
Source: updater.win64.exe.0.drStatic PE information: section name: .symtab
Source: qgenericbearer.dll.0.drStatic PE information: section name: .qtmetad
Source: qsvgicon.dll.0.drStatic PE information: section name: .qtmetad
Source: qgif.dll.0.drStatic PE information: section name: .qtmetad
Source: qicns.dll.0.drStatic PE information: section name: .qtmetad
Source: qico.dll.0.drStatic PE information: section name: .qtmetad
Source: qjpeg.dll.0.drStatic PE information: section name: .qtmetad
Source: qsvg.dll.0.drStatic PE information: section name: .qtmetad
Source: qtga.dll.0.drStatic PE information: section name: .qtmetad
Source: qtiff.dll.0.drStatic PE information: section name: .qtmetad
Source: qwbmp.dll.0.drStatic PE information: section name: .qtmetad
Source: qwebp.dll.0.drStatic PE information: section name: .qtmetad
Source: qwebp.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: opengl32sw.dll.0.drStatic PE information: section name: _RDATA
Source: qwindows.dll.0.drStatic PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.drStatic PE information: section name: .qtmetad
Source: libEGL.dll1.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll1.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll1.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll1.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.0.drStatic PE information: section name: _RDATA
Source: zentaoclient.exe.0.drStatic PE information: section name: .00cfg
Source: zentaoclient.exe.0.drStatic PE information: section name: .retplne
Source: zentaoclient.exe.0.drStatic PE information: section name: .rodata
Source: zentaoclient.exe.0.drStatic PE information: section name: CPADinfo
Source: zentaoclient.exe.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\zentaoclient-updater\installer.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines\qsvgicon.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Gui.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsProcess.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\msvcp140.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Widgets.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Svg.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Core.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\D3Dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\Qt5Network.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\vcruntime140.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\UAC.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\WinShell.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\opengl32sw.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsis7z.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtga.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer\qgenericbearer.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Local\Programs\zentaoclient\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??.lnkJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwbmp.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines\qsvgicon.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsProcess.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwebp.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\UAC.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qsvg.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtiff.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
Dropped PE file which has not been started:
  • C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsDialogs.dll
  • C:\Users\user\AppData\Local\Temp\nsv30A.tmp\WinShell.dll
  • C:\Users\user\AppData\Local\Programs\zentaoclient\libGLESv2.dll
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libGLESv2.dll
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\opengl32sw.dll
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll
  • C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe
  • C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\updater.win64.exe
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll
  • C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsis7z.dll
  • C:\Users\user\AppData\Local\Temp\nsv30A.tmp\StdUtils.dll
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtga.dll
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer\qgenericbearer.dll
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
File Volume queried:
  • C:\Users\user\AppData\Local\Programs FullSizeInformation
  • C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
File Volume queried:
  • C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\js FullSizeInformation
  • C:\Users\user\AppData\Roaming\zentaoclient\Code Cache\wasm FullSizeInformation
  • C:\Users\user\AppData\Roaming\zentaoclient\blob_storage\ad052674-6a2b-49a8-9bb3-be27f31603c8 FullSizeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
Code function:
  • 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
  • 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
  • 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
File opened:
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\bearer
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot
  • C:\Users\user\AppData\Local\Programs\zentaoclient\locales
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006DBC000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: VMware Virtual Webcam
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006C12000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: VMnet
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: VMware, Inc.
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: .?AVQEmulationPaintEngine@@L
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1925344352.0000000007517000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: LLVMX86_FP80TypeKind
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (IsAndroid() && IsMaliT8xxOrOlder(functions)) || (IsAndroid() && IsMaliG31OrOlder(functions))
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
API call chain: ExitProcess graph end node graph_0-3612
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
Code function: 0_2_030910D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,0_2_030910D0
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
Process created:
  • C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2
  • C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8
  • C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  • C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe "C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
Source: SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1971925723.0000000006CE0000.00000004.00001000.00020000.00000000.sdmp
Binary or memory string: ../../third_party/webrtc/modules/desktop_capture/win/window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progmanffff:%hx%n%4hx%n../../third_party/webrtc/modules/desktop_capture/win/dxgi_frame.ccDxgiFrame cannot create a new DesktopFrame.../../third_party/webrtc/modules/desktop_capture/win/dxgi_adapter_duplicator.ccIDXGIAdapter::EnumOutputs returned NOT_CURRENTLY_AVAILABLE. This may happen when running in session 0.IDXGIAdapter::EnumOutputs returned an unexpected result: Failed to convert IDXGIOutput to IDXGIOutput1, this usually means the system does not support DirectX 11Failed to initialize DxgiOutputDuplicator on output AttachedDetached output ) - () is ignored.Failed to get output description of device , ignore.Cannot initialize any DxgiOutputDuplicator instance.
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
Queries volume information:
  • C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
Queries volume information:
  • C:\ VolumeInformation
  • C:\Users VolumeInformation
  • C:\Windows\System32\drivers\etc\hosts VolumeInformation
  • C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
  • C:\Windows\Fonts\tahoma.ttf VolumeInformation
  • C:\Windows\Fonts\tahomabd.ttf VolumeInformation
  • C:\Windows\Fonts\msyhl.ttc VolumeInformation
  • C:\Windows\Fonts\msyh.ttc VolumeInformation
  • C:\Windows\Fonts\msyhbd.ttc VolumeInformation
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\lang\en.json VolumeInformation
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\build-in\extensions.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
Queries volume information:
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll VolumeInformation
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll VolumeInformation
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll VolumeInformation
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qicns.dll VolumeInformation
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll VolumeInformation
  • C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qjpeg.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 Windows Service | 1 Access Token Manipulation | 1 Masquerading | 11 Input Capture | 1 Security Software Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Windows Service | 1 Access Token Manipulation | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 12 Process Injection | 12 Process Injection | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Search Order Hijacking | 1 Registry Run Keys / Startup Folder | 1 Timestomp | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 1 DLL Side-Loading | LSA Secrets | 25 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Behavior graph (ID: 1428295, Sample: SecuriteInfo.com.Heur.21832..., Startdate: 18/04/2024, Architecture: WINDOWS, Score: 5):
  • SecuriteInfo.com.Heur.21832.3236.exe started; dropped C:\Users\user\AppData\Local\...\installer.exe (PE32), C:\Users\user\AppData\Local\...\nsis7z.dll (PE32), C:\Users\user\AppData\Local\...\nsProcess.dll (PE32) and 44 other files (none is malicious)
  • zentaoclient.exe started; started three zentaoclient.exe processes and 2 other processes

No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Programs\zentaoclient\Uninstall zentaoclient.exe | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\libEGL.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\iconengines\qsvgicon.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qgif.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qico.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtga.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qtiff.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwbmp.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\imageformats\qwebp.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libEGL.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\libGLESv2.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\platforms\qwindows.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\styles\qwindowsvistastyle.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\vcruntime140.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\resources\elevate.exe | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libEGL.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\swiftshader\libGLESv2.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\vk_swiftshader.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\zentaoclient\vulkan-1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\StdUtils.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\UAC.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\WinShell.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsDialogs.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsProcess.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsv30A.tmp\nsis7z.dll | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object | 0% | URL Reputation | safe
https://openjsf.org/ | 0% | URL Reputation | safe
https://crbug.com/593024 | 0% | URL Reputation | safe
http://exslt.org/common | 0% | URL Reputation | safe
http://anglebug.com/1452 | 0% | URL Reputation | safe
http://anglebug.com/3623 | 0% | URL Reputation | safe
http://anglebug.com/3625 | 0% | URL Reputation | safe
http://anglebug.com/3624 | 0% | URL Reputation | safe
https://heycam.github.io/webidl/#es-interfaces | 0% | URL Reputation | safe
https://tc39.github.io/ecma262/#sec-object.prototype.tostring | 0% | URL Reputation | safe
https://dejavu-fonts.github.io/Download.html | 0% | URL Reputation | safe
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                            high
                                                                                                                                                            https://github.com/google/shadercSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://github.com/facebook/jest.gitSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://github.com/nodejs/node/issuesSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigitsSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972633551.00000000074A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://bugs.chromium.org/p/chromium/issues/detail?id=378607SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://tc39.github.io/ecma262/#sec-object.prototype.tostringSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://url.spec.whatwg.org/#urlsearchparamsSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1972304883.0000000007102000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://api.jquery.com/last/SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1871345709.0000000005AD0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://infra.spec.whatwg.org/#ascii-whitespaceSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://dejavu-fonts.github.io/Download.htmlSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            http://stackoverflow.com/a/16459606/376773SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1874475038.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://pagure.io/lohitSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1824499383.0000000005190000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://github.com/jquery/jquery.gitSecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1872487405.00000000066A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://anglebug.com/3859SecuriteInfo.com.Heur.21832.3236.exe, 00000000.00000003.1913362084.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    No contacted IP infos
                                                                                                                                                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                    Analysis ID:1428295
                                                                                                                                                                                    Start date and time:2024-04-18 19:33:14 +02:00
                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                    Overall analysis duration:0h 8m 48s
                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                    Report type:full
                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                    Number of analysed new started processes analysed:15
                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                    Technologies:
                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                    Sample name:SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    Detection:CLEAN
                                                                                                                                                                                    Classification:clean5.winEXE@12/188@0/0
                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                    • Number of executed functions: 46
                                                                                                                                                                                    • Number of non-executed functions: 25
                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, CompPkgSrv.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                    • VT rate limit hit for: SecuriteInfo.com.Heur.21832.3236.exe
Time | Type | Description
19:34:50 | API Interceptor | 1x Sleep call for process: zenshot.exe modified
                                                                                                                                                                                    No context
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1096
                                                                                                                                                                                    Entropy (8bit):5.13006727705212
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                    Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5370001
                                                                                                                                                                                    Entropy (8bit):4.849557721751705
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                    Preview: Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<meta name="color-scheme" content="light dark">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<style>..html {.. --google-blue-50: rgb(232, 240, 254);.. --google-blue-300: rgb(138, 180, 248);.. --google-blue-600: rgb(26, 115, 232);.. --google-blue-900: rgb(23, 78, 166);.. --google-grey-200: rgb(232, 234, 237);.. --google-grey-800: rgb(60, 64, 67);.. --google-grey-900: rgb(32, 33, 36);.... --interactive-color: var(--google-blue-600);.. --primary-color: var(--google-grey-900);.... --product-background: var(--google-blue-50);.. --product-text-color: var(--google-blue-900);.... background: white;..}....@media (prefers-color-scheme: dark) {.. html {.. --interactive-color: var(--google-blue-300);.. --primary-color: var(--google-grey-200);.... --product-background: v
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):221600
                                                                                                                                                                                    Entropy (8bit):7.789465584785719
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):141525
                                                                                                                                                                                    Entropy (8bit):7.919777817493783
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:igKzw9bpyZFM5fgm32Z8Gb0+VRLf0ld0GY3cQ3F2DExm/KLQ2I:nKzw9ozA4m3m8Gb0OV8ld0GecQ3mExhk
                                                                                                                                                                                    MD5:03AAA4F8525BA4B3E30D2A02CB40AB7A
                                                                                                                                                                                    SHA1:DD9AE5F8B56D317C71D0A0A738F5D4A320A02085
                                                                                                                                                                                    SHA-256:C3F131FAEEFAB4F506BF61C4B7752A6481F320429731D758EF5413A2F71441F7
                                                                                                                                                                                    SHA-512:C89A1B89B669602BA7C8BF2C004755CAC7320189603FECB4F4C5CF7A36DB72DA651C7B613607146F0C6DA9EEC5DF412C7FBA75475352192351C02AEBDAA7D9A9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):206981
                                                                                                                                                                                    Entropy (8bit):7.946665927992836
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:TDQYaF+9b7zA4m0k5GMRejnbdZnVE6Yopym74:gfs7T6edhVELo374
                                                                                                                                                                                    MD5:7D4F330A5443EADF32E041C63E7E70AD
                                                                                                                                                                                    SHA1:26CE6FB98C0F28F508D7B88CF94A442B81E80C88
                                                                                                                                                                                    SHA-256:B8704BE578E7396EE3F2188D0C87D0EDE5C5702E9BB8C841B5F8D458ABF1356D
                                                                                                                                                                                    SHA-512:F1B9B0DD7396863AA0FECA06175B7F9EA0BE4122351ECF0A0549EE4C34F85AC8C63CC927D7409A40B6E19FA91D2CB00A145616BA19F47045B2345BFBC2D4802D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4532624
                                                                                                                                                                                    Entropy (8bit):6.371602392300932
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:NYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jri:36KD2Mrdaix4NQnL3
                                                                                                                                                                                    MD5:4708566E8DAC7300F15880FB79350B5C
                                                                                                                                                                                    SHA1:1B0ADDD9480729EE3B8CE043F7AA53FD03CF9DD6
                                                                                                                                                                                    SHA-256:65F2B1201330AB8C3930D88A5B75811334E07DB0C1C63F43168D41F136C35982
                                                                                                                                                                                    SHA-512:D4AFE1339E13FDA3333558B415EAE72E03DF21AC8BC2A361D9605662749A9EEA9AA8139DF908C544DFEB01174F29FAFD31BD91902F660388119695F3C8E8F00A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2696080
                                                                                                                                                                                    Entropy (8bit):6.649543753856176
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:dMnbcrH9v7eCZPxX+qzohT99hDoapghnshy43yBcxnyKbZtjB0HVEMGJSj/8NONn:KCZpX+q27saesDSjbNn
                                                                                                                                                                                    MD5:853A2B43A6857AE07710D92F912B2794
                                                                                                                                                                                    SHA1:04D9978BB2EDA9DB63B353144249D6CA264D684D
                                                                                                                                                                                    SHA-256:1DB8124F9AFBF0FBC15A5D3556A2AFC31853AFDDEEA4042D62C3B8ABCA42E635
                                                                                                                                                                                    SHA-512:10A796D625B715959538FAF7AEB677DEDC6056F7FB9297BBE5AB68B20E965C8C1DE15A588C84F75FC537D5C6C82F0831C92E5038946319801010192857EACDC8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):10413488
                                                                                                                                                                                    Entropy (8bit):6.281507508108464
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:196608:+UGwSv9AAQnt6liXUxR0rHa93WhlU6tcCLhl:+oKlQnAliXUxR0rHa93WhlU6t3Ln
                                                                                                                                                                                    MD5:80A7528515595D8B0BF99A477A7EFF0D
                                                                                                                                                                                    SHA1:FDE9A195FC5A6A23EC82B8594F958CFCF3159437
                                                                                                                                                                                    SHA-256:6E0B6B0D9E14C905F2278DBF25B7BB58CC0622B7680E3B6FF617A1D42348736B
                                                                                                                                                                                    SHA-512:C8DF47A00F7B2472D272A26B3600B7E82BE7CA22526D6453901FF06370B3ABB66328655868DB9D4E0A11DCBA02E3788CC4883261FD9A7D3E521577DDE1B88459
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):456080
                                                                                                                                                                                    Entropy (8bit):6.394369233626266
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:T7Udu1o3YnElXvzYhRk9o+3Re3wpcOQy5n+b7dPsfBT:HUdu1NElX7QR2osJ5+dPABT
                                                                                                                                                                                    MD5:7EBBE9227156E3C4E600DEFB160555F9
                                                                                                                                                                                    SHA1:5B356F11DAF55CE5240D796481ADE9342C277B26
                                                                                                                                                                                    SHA-256:DEDA663B1C080E2217A1241AF285B07BEED8117E416F9F814C02EB56A312F4A8
                                                                                                                                                                                    SHA-512:6721082CE99BA227C8D45B9D8102D34AC66C165D50459B81D746E09BFDAC60CF477807F564A77993D3BEA3EAA145FB7F942EC41ACE6388709643B6D99609888C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):7954832
                                                                                                                                                                                    Entropy (8bit):6.430897962973536
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:toqTR4ufIQslQAipy5V0etFBLGvpD1dSS:tof5FBLGvbsS
                                                                                                                                                                                    MD5:085893AFD97F40CCE27BF5A898BC899B
                                                                                                                                                                                    SHA1:8BB8B85CC7055534EE1F12E4A7E5D18FBE22FE48
                                                                                                                                                                                    SHA-256:BC4EAE59FE7E073C06228CF6A304BE3A1A19AE2BFF2C491F52ED1C7A7854DE51
                                                                                                                                                                                    SHA-512:A711D42E87FDD1B6BF89673FB120BAD2C53A71435C8F64F124AF3EF734D2F24C35D4CB516D3AB6834B51CBB619FD7DAA7EDC1D682F03610B4D5992E241CCD545
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):154369
                                                                                                                                                                                    Entropy (8bit):5.008301713077239
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:nJ1NSM/92t7Rh4rgEkDvuHq/VoZLokijEG/yZJjh6oVjUWRSuo90kef97ZVt1nnu:nzym+u9QfCx30jH8+x
                                                                                                                                                                                    MD5:5C617F3833923FCA5717A549FA57ADCA
                                                                                                                                                                                    SHA1:0102AC3C8041FAB6A1A65A3BCAF7E79C0B7FD719
                                                                                                                                                                                    SHA-256:5F323C0BD185D5BD5F7EA737018F14FD6EA500BA5440BC74F5C09B635518EADC
                                                                                                                                                                                    SHA-512:87034E798355875F3459567ED1F11E5455FC5ADC9634EEC33E9DB2446451FEBF7F35F617709A9B09BF3BC52F195EDEA0CB47D474D2C11CA93A8B5383142D45E9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):156996
                                                                                                                                                                                    Entropy (8bit):5.084198860333123
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:91mmOGHNSNRZaJTGxRh+7iMuxHSM2uZtE9yKBZ1F/R2bKSI1+/BI1Iir2L2p:zjOlNRQs+7i0g/BI1Zp
                                                                                                                                                                                    MD5:8F9C8DD93B03202220B5E226C6956025
                                                                                                                                                                                    SHA1:8290DBA9B8DCC89928821EAD04F7CF599C0BA557
                                                                                                                                                                                    SHA-256:E7F9A474399C0CA0DAF28C6153F6EC7AE87423E66C8FFE0849407471D20B6237
                                                                                                                                                                                    SHA-512:3EB0B80CC7243ED646CFC7BE31EB27F0AA15F2AA8A5D2C50C3E5EFD8A81759637E3F986C5C294262FF3BC94A939BB3803268B4EDA46B3CFE224F596BFB4ED00A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):170110
                                                                                                                                                                                    Entropy (8bit):4.813810055718465
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:P3504qAG1u0PSFq8HyyW4nSpbBqjnUmIKW3RZzrzCLy8Asgiamd3vNgT72eM+sUS:P35vqpTPaTo4njmZzrmLy8ADINW72eMz
                                                                                                                                                                                    MD5:00D012A55A50BBA5DE8B2FC2E0D163B2
                                                                                                                                                                                    SHA1:89163FA9905876167A0C7D3446BCB0BD30F88EF4
                                                                                                                                                                                    SHA-256:BD3A3AACC3CEE9864404755EEE9542E0F21EFBEBD4A71E5333D15783D4CE18C9
                                                                                                                                                                                    SHA-512:3BD6C774729F3531D316917DEB7D8FE977C5BF5A3E85846F061C4AF5FB6C45F79D8A3557A47D4569AD52819B3CCAB13D386A9F5C1801E25E969E194A956D40A2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):221799
                                                                                                                                                                                    Entropy (8bit):4.419808794496792
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:fPjRXprzuB7CPIqPp2nKEZ3UzKoZ4CfrNuduY0Jri0CI58JRKgqZBiCYWY0PnxRB:fbbNp2KGCDjr58JMgqbxRRImv7hfUHm/
                                                                                                                                                                                    MD5:80C804A82C617E7E0FC1E7F0DF63290C
                                                                                                                                                                                    SHA1:A81F3AC6E92785E4C96E7DBD01FCA8BFD446071A
                                                                                                                                                                                    SHA-256:B4ED891E8B38452623348DA12D325B52407446114CBA664A8E25A26A7CFAF773
                                                                                                                                                                                    SHA-512:919856917F185DCAA6204A0B990E49498EF59B72CF93F8B6DA44785F4E889B70C0B05300AC15009260DDB36A8D4F06FEE5D8C4796E60A43C2957EA436F7316BF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):108499
                                                                                                                                                                                    Entropy (8bit):5.413075728378605
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:Em2DPcgrI54tBL8l/oq7O5awat8PU02he8X/FS0bzRhqRRhnAkpxlCEtT3nRA39u:EvPcgkoqO5a78PUzhe8X/80nEznAkpxl
                                                                                                                                                                                    MD5:79EC325651589F138C7840C61316D8F5
                                                                                                                                                                                    SHA1:37503EDCAE710E2D61F390064FA2D9893D4B9C8D
                                                                                                                                                                                    SHA-256:9A4E286A58BB9A58E9E30D982783663C9BCE40730CB6DAD4C37980038040919E
                                                                                                                                                                                    SHA-512:F00A9354871C77947D2B99E83B54BABCB46B5A45C24702C1B5F750156ABCB2A00D12C6B4C2E15634D4D560DE0AFA5B9C368D31F08CF447F2209F51C0B8EF6384
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):110242
                                                                                                                                                                                    Entropy (8bit):5.8210765375728135
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:6G+wdXqt5qYSP7ymjLEwoVD33zSYoYlBw/dhRRkP+8QUQdbiE:JvXPjyfaYl6/P2+8QUQdbd
                                                                                                                                                                                    MD5:0325D16A747CCA73A3A2B0C94FAC123D
                                                                                                                                                                                    SHA1:E5989627742ECEE5F8996001002E97627BFBE10D
                                                                                                                                                                                    SHA-256:C00829FC57C7E1E5419FE3202F114D394A590B8B32B1E55AF42772C93755945D
                                                                                                                                                                                    SHA-512:B824297DF25C097251432FA72AE1258092E692FF3E4C527599897D7D3E71007CBD80E300DE54B87146889F71D537C7D297C1B3CAC04B6E08D7CE29132EC9E5DC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):100898
                                                                                                                                                                                    Entropy (8bit):5.423694312690139
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:mjAsKH2oFmMFyHlqByQxTdofWfZg5Q4+xEGqZ4w8pOmPEFh/j4O:mM9WohFyFnQBf2+xgL1/r
                                                                                                                                                                                    MD5:29F37A66AD8035D0657A1C7176330C40
                                                                                                                                                                                    SHA1:EBF26AFA557B44FF5248207425083C750A397F49
                                                                                                                                                                                    SHA-256:6DA77A20FD6FBB228B2DE5F197225342DA18CBC58D26EBF542CF20D23E00F033
                                                                                                                                                                                    SHA-512:4C360F13C499A9B4B8E2B6F29EFECEDCC571130B90CB93A3C21486642704711DB0A182B63B3BE307B39C382DE73787269822AF76AF9032E4F9C4A5596EAE8E50
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):108417
                                                                                                                                                                                    Entropy (8bit):5.4792271676996425
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:hHbausrKfikXgkNahUnNqRPIYvfrxWRQNCLubXpkHxQ1NlkGfChxCPQl9v83Opra:pinhUnN1dLq+H8Nr40PyqyrsS0
                                                                                                                                                                                    MD5:5F9F5187B2C3A4BBE6077A329EF5C2C1
                                                                                                                                                                                    SHA1:68AB6991F89F5C41C055B07FD97EA6D394D87F12
                                                                                                                                                                                    SHA-256:E964D841B9588B7412F1FF86F004E6B052F993BF2153E4DC4BEE6C5536BE1744
                                                                                                                                                                                    SHA-512:560A90D24C5FBA776AE526033163CE61662978599C4B171F0BDBC80C72206A9443ED1AAB58819AE71345ECAFA795527C0673C12B73BA7AC381B7DEF7BBBEE118
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):188491
                                                                                                                                                                                    Entropy (8bit):4.875423021643058
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:lA6xGMCiJFTYkDuTX9yGwSREF3IVMRm5ppFFSqu/EFMeELO+niKh52hfZPXYlXSG:lAACiJFMkDuTyF3IiRm5ppFLzFMeF+n/
                                                                                                                                                                                    MD5:F4083CF1C56EDB2D8701FC1809C9D8EC
                                                                                                                                                                                    SHA1:909337883E1F898C98DE9B35F7889D257E5455B2
                                                                                                                                                                                    SHA-256:B624633365C19E6E3CBE200B39889711994809796DBEE7988883165D0CC1D6C2
                                                                                                                                                                                    SHA-512:27726B5CF51760D6938C17E3B1346F0F9C36940A94FBB9428D9BA8809598E07D7C5429FCFC3EC56EA795D65555B4D19676CDC299D0F8937C503D92CB87B80EE4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):89514
                                                                                                                                                                                    Entropy (8bit):5.4765832263521075
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:c1BQQyiGUaBWTHjrDXApScz4RrgasTX65iBxgwSOiJedMJrV0h5BvVfm3ggl+qRR:c/QJDU9HjHBVsdBxgXM523ggl+qH
                                                                                                                                                                                    MD5:B8B8DE138E6CD2AD1EEE182F2BEFC905
                                                                                                                                                                                    SHA1:ACB5FBB8D3026D2CF0D5AFCC0B2407F7DC7F7CEE
                                                                                                                                                                                    SHA-256:4A5E6439C6731A5273970C8C053B4A89018C57F1D9BE81D85F24978233675442
                                                                                                                                                                                    SHA-512:C5575F68AEE1284A82A47E4D412DF6175550BDE1D8FFD3845D295F88687ECE4A7C04F0AB9FCAB78182FCABB6876CCB9A1F6EE815B0ABC0EB96FE59F5FF849E4B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):90228
                                                                                                                                                                                    Entropy (8bit):5.468679281798329
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:lnI8PwZKfs9B0fYSED0TI4RVQ2trM8M5Xx5dBxgZSO0JedMVrBHhBeVfD3ggl+CA:LEKE2YStRdMLBxgsvBq3ggl+CGwG
                                                                                                                                                                                    MD5:AF5C77E1D94DC4F772CB641BD310BC87
                                                                                                                                                                                    SHA1:0CEEB456E2601E22D873250BCC713BAB573F2247
                                                                                                                                                                                    SHA-256:781EF5AA8DCE072A3E7732F39A7E991C497C70BFAEC2264369D0D790AB7660A4
                                                                                                                                                                                    SHA-512:8C3217B7D9B529D00785C7A1B2417A3297C234DEC8383709C89C7FF9296F8ED4E9E6184E4304838EDC5B4DA9C9C3FE329B792C462E48B7175250EA3EA3ACC70C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106030
                                                                                                                                                                                    Entropy (8bit):5.373963649438172
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:Y1zfcN6nwhQppC6SGDYjRbqZrtlaUuzHjqXGiMdePcHYD9KeO0KWFsMH5BthDViT:ahnwhQu6Psl6pMFmI2Be
                                                                                                                                                                                    MD5:84A1995559E8FC00C3E46BA63EFF51A6
                                                                                                                                                                                    SHA1:24B57BABEE3291419FC29AAB9C9A2FC0FE9C3D8A
                                                                                                                                                                                    SHA-256:2E1CF9D3E3EEBE607DA44873CFE37B9A84615962E3450313C3947920D4DE4FDA
                                                                                                                                                                                    SHA-512:1B8453367BBEB12F237F850EB0EF67D4B6CAA973F2E6ACCDAE6FF5B7B3991D5BE2C5D76F787D2C7CA5A10D2D0A92B47FD55141C9D900C850F80CD916ABF5425A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):108109
                                                                                                                                                                                    Entropy (8bit):5.35370843761187
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:CPOLX5pxZkWBvJdYx/TFKYM3vtdThgFW9XlhgoThoK/rh2L1w3Oy:C2vkwcx4v5F1tYC3z
                                                                                                                                                                                    MD5:4ACAD14261FA458CBC61451F4255C891
                                                                                                                                                                                    SHA1:BFBF2429190B85F692BC97D12822CEDD53A70742
                                                                                                                                                                                    SHA-256:B927984D25359F3D7A20D71AA4B16D2EC4C574461177825B5221865F416D1E71
                                                                                                                                                                                    SHA-512:24A71134F5C8F3E03B29491E11D0D0D2B9988C2528593C753893986C6DB6FF2BD88E2E5389B086E0785E24141894441EFE3DB976111E2AD5EE5AFBF7374FEC1D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):96956
                                                                                                                                                                                    Entropy (8bit):5.455086908059335
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:BnHIHEpX0aM3DS4xyGXcen6dg9NzuLECchVjpsPQHXG:BnHiEiaMe4x06NyLiV2PQHW
                                                                                                                                                                                    MD5:3F2F42E0E8FFE5C26295F5E15480EDCA
                                                                                                                                                                                    SHA1:E183E93FE99145CE0471687E930926018B1FCC19
                                                                                                                                                                                    SHA-256:9CDEFC472C67247E67DA040B984E800CC8B903A1B39C742E6962FF5C423F391E
                                                                                                                                                                                    SHA-512:BB61DA1665100B59433D03D05FCD074D36E07EA3C29F2F7C5305E2B560E2A2A8FC508D38B45798D98CD3C1987165667CD723726397E3D1E4BE006C17EFE11C3B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):151026
                                                                                                                                                                                    Entropy (8bit):5.181938015353535
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:QXP4Rawpa8C96NS9/W2ESEmGzR2XQmN4o6TwNv7fizfb8YIO8jdr8TwatK/E3oLF:QXP4Rawpa8C96NS9/W2ESEmGV2XQmN4s
                                                                                                                                                                                    MD5:0FBE88D360ABC020EF6D511FF5CB70A5
                                                                                                                                                                                    SHA1:8ABC47BC30BB0128B84CA4335DC09A67B051EDF4
                                                                                                                                                                                    SHA-256:7E8F7F42300178F001EA5F74C63DB25D813B7C25989114DC7673C76FD92A72C9
                                                                                                                                                                                    SHA-512:1EB2F414521B4EAD4ECCC26305CF89EDDF2A9E26BC5E8D100946A8B442694E48DF6FDCDE858197B23CDD47C83ED7C316D280A642017E7516C5DB73C3322FBA26
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):99485
                                                                                                                                                                                    Entropy (8bit):5.416956540869923
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:6EsQoWFTTTqWU9S0JEji18vlhROdA0EjjNM1TO9mRX:6EFf7iE218vUd4shX
                                                                                                                                                                                    MD5:0C5F18712C639646E37FED054781B147
                                                                                                                                                                                    SHA1:FAECB7CB6838783E15BC52C8DC019736A334D59B
                                                                                                                                                                                    SHA-256:4E538A14F1DBC872A85FDB4BE1E19145553ECFA3B07EE7C810B690C52B889684
                                                                                                                                                                                    SHA-512:EF9F1158C35045BBEF92FE70D9006CD7DCC3C834F5A4BEBA5B269AD6C16F9790E316B7E2617100567919AD647A1353CFA8B80D5EDE23CEC9E5F7AE9B4E49C154
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):110288
                                                                                                                                                                                    Entropy (8bit):5.196308788997154
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:3NqmgtbTGldYzVgQNjLeyspz4NvuNpEWnGkuljgOAM64CzPEchYkZzk17PaXmAMD:sbTEd07PjgOAaCzh7VSKmAW
                                                                                                                                                                                    MD5:249AC7111D6310C67B42E973F6AA7646
                                                                                                                                                                                    SHA1:DB19F2FA4EEEEC09906ED31BF6295E7831BF9E2C
                                                                                                                                                                                    SHA-256:CB536B478FEFFD3B55EC53676CCE84CEFC9E000C1205273BAFCDAF6EE6EDD381
                                                                                                                                                                                    SHA-512:E96D000925BE9FAE898602F5D62AE3E642E91AA2957D723FFDFE9CAC9BD277BA2155BE31620FBC326D5CC43D47A0E08314FE27688A6EAF786491D6B39A52A00A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):116529
                                                                                                                                                                                    Entropy (8bit):5.3861872833068585
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:40CdiDv3ixbJPRQUClLZky86mQKyIwKByroFDuFcZYjlguPyNn/Uv:4/sPixdPR3ClLZky86myIwKgrwDuFAHE
                                                                                                                                                                                    MD5:A9552C30B27ACA538388BA34C2374D75
                                                                                                                                                                                    SHA1:39173220E9DA4C3D591BDB1D0DBBA77DC8FBA6DE
                                                                                                                                                                                    SHA-256:F3BFCD6A297A7634C24F2FBD3DE96F02588B0603D4A7618BB7588F6C091BEB2E
                                                                                                                                                                                    SHA-512:F6D01A2B0C03741092858B7616DE8B52662B73A00E49B2D7B5E1A05195EDDAE507C432557B2BF8697EC0B8E3B620FA3F38BA577A7EDD909556D73498FCFFB9DA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):212334
                                                                                                                                                                                    Entropy (8bit):4.468693017407305
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:vLx83is0a1A626ZO8n308LcKHdO3C362oY5maBeQOo5qP2G/KO4ue5GS2TsfWsjE:vL18qxv
                                                                                                                                                                                    MD5:CF428ECEC583B73172FA789BA3F9AA6B
                                                                                                                                                                                    SHA1:9A7456009B5A53C4F6470A370319395DA394E462
                                                                                                                                                                                    SHA-256:1D4D407233A4C78D5A9A242B43B21AA89FB68A0632BC52B0A515D69491632E85
                                                                                                                                                                                    SHA-512:2F86F9679E04B8188D7CE44BF0A7BF4B998D9771E9A8A83B4BE4DBA5E5D21EBF6A00091792896D9A8D4ED38EAECD43D8D2CAD920237AF1EA702DADC0341BE9C9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):132154
                                                                                                                                                                                    Entropy (8bit):4.844933793112407
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:IH8reuJQWaOKXLpiglHN58nX3XTnw2FCC9V:DeuJWhXLpiglHN58nHXTnw2FCC9V
                                                                                                                                                                                    MD5:A275C3557E819C6E9FB029643E38FA17
                                                                                                                                                                                    SHA1:8C005CB081417FF2BE0D7D8FB6356519A96F5703
                                                                                                                                                                                    SHA-256:4A9862EE8E139AE74E6336E0207D484E1A1AE0F689B5F1CC06B6FEA66D2090D9
                                                                                                                                                                                    SHA-512:72936FFB29AD5B7FAB17357286EEE7FA9A6B933423FC8618B19FDD841B37D9CC613A35E04614CB74F69F49A4E8BF7A8B48BB55A10E160D8363DBDF697BC314C6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):219113
                                                                                                                                                                                    Entropy (8bit):4.437297845271283
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:+8UrfNIncwfKSIv73cdEVhkAovrCFO/S/+fm2BfvTH+f+aJBKfzzruE3b8RLljlB:/Urfm+59R
                                                                                                                                                                                    MD5:EB017AC26477D54C707D3E965EC352C5
                                                                                                                                                                                    SHA1:112001C7A38D9B95D3D0E422E10C585079356018
                                                                                                                                                                                    SHA-256:06424570167C9BDD7E13B115A632D6AB58DE7A4FA14F8D094627BD12D85E9318
                                                                                                                                                                                    SHA-512:8DFB1F8B18AE62841A40DE244CE725B9AD865B4DE7D250C0D5799F6896D274276E73672E3DE455D0312A397D20598C768462895E4A768511B7CA530717611837
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):105383
                                                                                                                                                                                    Entropy (8bit):5.507562593845028
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:MMN0LeqtKRxAGCyle77l/XpUa+tbakWlMMoLu87R53Kkx9i:Mfyr5nKp
                                                                                                                                                                                    MD5:551026FCBD640C1B911ED5B4CB7ADA68
                                                                                                                                                                                    SHA1:3AAC7631C7F23E15A1ABC4FA1CEE98ACB695AADB
                                                                                                                                                                                    SHA-256:CC48D7DEAF73103E22E3E5900503396E2A2C9E5BF1450A4DF8CE94179B1E47A2
                                                                                                                                                                                    SHA-512:7BED851ACC8A137C481968902006917C6EABDF1476C4CD74DEA7BFA731BD45EFF6B742C4B4EF48BA9C9EB4B2BA86C09C14878C05FF797BF56DA075DA9E53BFC9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):113044
                                                                                                                                                                                    Entropy (8bit):5.646517078166082
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:srCzB7nRkbJiKw7UiGKAWEc2dA3RdpEtL1543ICJ:srCV2bOUiGlc1RdpEPu3ICJ
                                                                                                                                                                                    MD5:E51AFBBA3250E655BC01E424A29E3162
                                                                                                                                                                                    SHA1:D7AAF2F2F9629BA9F7CF8A513C2905A13D0B6A8F
                                                                                                                                                                                    SHA-256:61AE4E65474CB4ECF5EDB2EC9BB9EA2B7A47BBF769F81C8FEE1282C13B209783
                                                                                                                                                                                    SHA-512:57FC72149761CDF1DE5C021BF7E63D79D91EF2E54DEA57B9BD9F659DBB2C2F76DC43904C53518C00FE4CA80B92B6FC57489E275FD0006B2295F31DD45C0618EC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):96881
                                                                                                                                                                                    Entropy (8bit):5.341301770866197
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:M+zgmloUhrsGEKhU95/SWpEmNUwRKUEJ4eI8B4X1CPXsAzb2ZghlrRajcCdAbJ:M+HlukU95KWy4eIn8XsAzaZGlccCdO
                                                                                                                                                                                    MD5:0B9E5F5651AED9D1299F3246597AC182
                                                                                                                                                                                    SHA1:62AA835853C07E66D027D129265429ADC6779491
                                                                                                                                                                                    SHA-256:E07BE6B1A095F235A4BABB2AD5E8018C8C1B2F7CD6FEAB170124D25898E764C6
                                                                                                                                                                                    SHA-512:9D4C238F9506F41A43D531A762F7B8426DB83AE093433E075237EC5211451EA6F888CEB14B8A055B67E5C6BE43C0087D1C35DE558CBC6D828DA96043B98338F2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):105591
                                                                                                                                                                                    Entropy (8bit):5.277422916407698
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:Ub5255TLQ2Vxyi9yN4tA7kxA78dgDufZfW01c:UFw5TLQ2Vwi9yN4tA7kxA78qkZOac
                                                                                                                                                                                    MD5:FA6ECEAAA453FB66BD631AA9BABE0026
                                                                                                                                                                                    SHA1:790BFEFC29597D09F313C08E7B23FF298D60FA23
                                                                                                                                                                                    SHA-256:4E2089D3FD90977F9A3A88B2AF7FA9FF3B9864969D2F4582431626AE1F37C158
                                                                                                                                                                                    SHA-512:88EB70A25A6B76E5B3272D4BAE0721F23610DDD1284F54CB991EEF3AD78ECA13F47C6A8D79D5FB73F8FE171D5ABEA770B6902D0A1541884CBD5677F3DD4920F5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):127428
                                                                                                                                                                                    Entropy (8bit):5.826025776360829
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:T0gtNfSwl76rsWg4AkDiQ492E46Tesg+ahB+nLi0doNHVQ:Ig3fjl76IWA+4TiiAB+Li2oNHVQ
                                                                                                                                                                                    MD5:932A8B529D16E79C1471FB8C92109EEB
                                                                                                                                                                                    SHA1:4CEC50AF799472BEA97FC1B1A127C31D9D08B176
                                                                                                                                                                                    SHA-256:275307A3A9708C0698565F10941C57D42E1D2F55709A025D37E588699B5A985E
                                                                                                                                                                                    SHA-512:F2DDB70F819EF08B51C73748F2898EBC987D1D46DFA8E8EA00D2309AC51E37973310BB4F2A3503BB7AD5EF68150B01F3FE5492470D1E30FAB374159EF44F8F4B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):243013
                                                                                                                                                                                    Entropy (8bit):4.364997137141875
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:VwI+rxPrIbgMkipVLe4wrZELNm7SIY/u5ZDu6oSPE7JQO5/d/OACAGAfKI:OI+B0bg4m7S3+ZDu6oSs7JQOV5GAfF
                                                                                                                                                                                    MD5:9224BEB43327CAF18C4FDE76482AE12A
                                                                                                                                                                                    SHA1:EBAA89421838C093E36D74CEC8BB3521772F29CF
                                                                                                                                                                                    SHA-256:1A3FA5261B58113AE1A5CF140ABD93E812B4A866A19A4C54929FFFEE5F42B18B
                                                                                                                                                                                    SHA-512:2C3AE5FD43607F34562B935BF6FB5DC62D083073F430959C4D883C188F744F49AC38D3A3BFA8C3E61113A2E4813D06FCB499FFE3CBFD07979B405B0CD6EB2432
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):107006
                                                                                                                                                                                    Entropy (8bit):6.13524501321474
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:L6jlXiuY72PcT5t4CuAJq/4KiWgDqbYSwnT:WjllY7e6teKQezSwT
                                                                                                                                                                                    MD5:D6C5199671535C5B644D730C9D8C9063
                                                                                                                                                                                    SHA1:7BC876A53B0DA752FC93A088AF1ECD043DEA6AD0
                                                                                                                                                                                    SHA-256:0A46CCE08401A72E44178349A61CDBAE5FD78CA4F071BFF2BF5F2E8C877A25F8
                                                                                                                                                                                    SHA-512:71F8C2A676C7E672476D578EC36D8E9B16F823FE257F7DA7C22B84DCDEBFB7C18480FB52A386F14B9D60D2AAC6C322AAEDE7D61F3032842D3BF713EDDA8CF857
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):114368
                                                                                                                                                                                    Entropy (8bit):5.628766403232453
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:RmrvD38onfyORY5gaJzU5R8FYlKUxnaJGN5c0z5PEAy6K5rmz3MWbhg5m1NqF6Sb:Y738oKGyQfKenaIcApbXdtrqF6S05nI
                                                                                                                                                                                    MD5:29AEEB61DF906C770E43ED477160F5BC
                                                                                                                                                                                    SHA1:D3224DFF1967DDD1618D1573D91C3149DED8AE3E
                                                                                                                                                                                    SHA-256:225E5784A7A616F83D81E6F3FDC5510E975E9FBDE741B673DEECE5DED1604A9D
                                                                                                                                                                                    SHA-512:09F601216EF230C20E58391C566CAF388B0ED5421CACBC06FD50BEF242ACAC599E09F92FE63AA055DD314E0EBE9985B76016D82D32B426E51B1F63C7B888AC9A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):113868
                                                                                                                                                                                    Entropy (8bit):5.628642662789089
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:0rv+yaMchZGB5nDJSM+hzyez0YNUc8YjJ8I4WSuAhaIphcmE425BaYK/faVdX1:0rvdapZGTmUc8Yd8ScVfaVdF
                                                                                                                                                                                    MD5:CE3CB88E12F86EB6F6AD23A4D34F49E5
                                                                                                                                                                                    SHA1:31ED4DDBFE6BEFA49C6C28089EDB1B1617D896BD
                                                                                                                                                                                    SHA-256:D58B6308B64A1CDA4EE0B2B395672728CE7ABB73C44961FC911386569CAEE60E
                                                                                                                                                                                    SHA-512:5DB77B4E3FE2A2C76FC15134B7DB1C4ACDCD08CD296AA1657A08B55871353FC7F911222FF16078379A8596D401A66272A431FA9FEFF8BDA5BEDAC9D7479D02F4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):256394
                                                                                                                                                                                    Entropy (8bit):4.3824317738273235
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:ipt3yrxsIaPEL+YBkW4m/rvFdq2C1TmHh03m:mtGpaPk/XJdPETS03m
                                                                                                                                                                                    MD5:AA549352CE43C7F3AADCF24DB4B28039
                                                                                                                                                                                    SHA1:52F9DE28A67E438A4B055B0988F2C4DC480A61FA
                                                                                                                                                                                    SHA-256:E51D9A02AD11CB9825368DA9A17AF7294B7E6BF11079E2072E4BEC028ECAF20F
                                                                                                                                                                                    SHA-512:D220AC779B5AA363E4837430FB66FC3833FE0331FBA3C634AD920F8DBA8DBB1F32FDE0EB6DA26CABD9C089326A46252DF22ADE62299D6BC37C9B0F3694E8AB51
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):209573
                                                                                                                                                                                    Entropy (8bit):4.450668379803355
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:LM82qbqMB6D/W502ZleTc7eegSZhBFvWSLQEDE5dEBZt+TYjDR6KAu:Jwtu
                                                                                                                                                                                    MD5:896759A28D38E5D8F415570DD6F4D85E
                                                                                                                                                                                    SHA1:23F55CDE464192839434A1E727CEB285B8B1F82B
                                                                                                                                                                                    SHA-256:4293AFACF1C4DCE2423C368A45FEC4B33AAC7232E7B7C1919AA8A5A20FB026A1
                                                                                                                                                                                    SHA-512:4392943394E2EBC257ED230F993D6F0280AD4106E2623BD9A498C8CBB8DCAF05A49FB998F855FBBA637030F43E68D15DC429D71604EF285F211A9C86480C4E60
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):99639
                                                                                                                                                                                    Entropy (8bit):5.243278535485018
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:Hcy5Z74bI/tcHEry1GQ/ApwYXBSBYOYSjfhos036Kw+8uDe:8yT4bIKEGqwYXBSdJo76Kp8uDe
                                                                                                                                                                                    MD5:407DD10484A99B21FFDAE6016132BF26
                                                                                                                                                                                    SHA1:D1D7A5524FDF026A49391522C42D059406BD0442
                                                                                                                                                                                    SHA-256:83248A2AAEFB87FC19454AFA34BF5DF99B95B98F823B534DE0BAE552C8260D93
                                                                                                                                                                                    SHA-512:908B71411E34EC56E77C5837A856898F929DDDC81D95A7E2B6D47F4F4E1D72B499D627A8CEC7233E4F39292F592B6A90354E6325AAFACC145C994ABEA1FF6F64
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):98518
                                                                                                                                                                                    Entropy (8bit):5.395332505716346
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:gom2lbcn3CeEFoivwBiXEHZqFdIm8VUvCAchEHAxF:gc4nymDHZqFdIwC7F
                                                                                                                                                                                    MD5:1BDFC009F54C1E5BC8EEEB5017F9DE53
                                                                                                                                                                                    SHA1:7427D3F37771886AF1C0AF1D20468960C524377D
                                                                                                                                                                                    SHA-256:21F3EFE54A2A0ED9E2F618B2A50F89B44957BC7C779E7F88C1F10B310CEA8BD5
                                                                                                                                                                                    SHA-512:EEE4AED543D30C7A74A64350CF67B454EC4AD56DC6A51F88DEC648B80A33146F5BD3FFADAB16A1F0B8E1FFE427F56F58A86DA748ED1B118EA7FA72610D84C07A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):101895
                                                                                                                                                                                    Entropy (8bit):5.3499106046374685
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:u6KTrYE5am7spkFjegH7IINejowGTielwo6ytW9:kNjeKqRmUyc9
                                                                                                                                                                                    MD5:FA16E91633AA0F20E49B7E19BB57AACB
                                                                                                                                                                                    SHA1:595D392D20DF35ED71F4461CD5C85B77A68612F1
                                                                                                                                                                                    SHA-256:E94551CA94505F068ECD0619AF676B7B3A869F6068AF87F0F537CACE8055BA4B
                                                                                                                                                                                    SHA-512:D3FA50F247CB216E07D4905BFEC4AB39D15BBC9B60CF0E3DC733BDCD2A0CBB1F8513589C40111335797248119E59AB2D2D46C2CF18C496796FD4B7233A829A30
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):110678
                                                                                                                                                                                    Entropy (8bit):5.741625091591969
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:t8ZTz/RoRMa8odxIQW6AeJJzg349OM4oNsNYyhIi+3ZyL5kA:t8Nz/eIQDg3Y4rYIIi+3Ze
                                                                                                                                                                                    MD5:DA0BFC4EF754490879E8DD567961064A
                                                                                                                                                                                    SHA1:F331C571422C5BB85F90FE915756AD9787103C24
                                                                                                                                                                                    SHA-256:C57C2E534DA554E42388815CD3E848630ED46E1E61E640A6F3D4FD7CBDFB2AED
                                                                                                                                                                                    SHA-512:1CCDE932C1354FC0880AFB7EB1FE9A8B93297CFBB21E0DBDB78A07B116B951672A2D1DD25E0DC94FA1384AC7BB22A007B468A391457851BF8C88EFB9708A7F37
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):105311
                                                                                                                                                                                    Entropy (8bit):5.420675337894776
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:TTEl8e6Vb//PtDjipJtpm/QzrKj0Y0X4xhBc6x0xGUY3yDeMTwO5e:fEl8eyb/XR9/QrKJL5XMTlk
                                                                                                                                                                                    MD5:31E00C1FDFB9F86D7F5B5B285689CFF8
                                                                                                                                                                                    SHA1:C5131466499D78C7282F29B3B12F8934A139991F
                                                                                                                                                                                    SHA-256:ED9ADACAD575344216EE986E9C04908A5093AA7A0EBFBF2549DF4C668A35F356
                                                                                                                                                                                    SHA-512:B36B87330B29F99CA32D781175F1FD485FA034EAFA2458F4191B70BDBFB2866FD56EDB0E97CE7232B0DC3135B939EB7AC1161B1002D9322DBC7EE016B8069F09
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106331
                                                                                                                                                                                    Entropy (8bit):5.4055438207415145
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:tcJdPoUL5qsr/y2VfgE5fcBw4d6hrxz2qKHWhLtOAZ12kR9C:+ksrbr0Bw9VtOAz2kzC
                                                                                                                                                                                    MD5:F33190E2616875ED2349115E128A54FB
                                                                                                                                                                                    SHA1:27E44FB2CDFECC19F5C91FF2F2E69956CD59BE57
                                                                                                                                                                                    SHA-256:DA64B5178BB41BE0684CB3EF1204BECB457520FE4960C3252F5CCD6A9EE9E29A
                                                                                                                                                                                    SHA-512:3020DA0FDCF7984557EF7AF1C9F0E7CBD1BF364A8841E6671CEC4B517AC89E9C4BED680A2A2E76B18DB5E2D10C7F1A41C5758306E3F20EB248796B2BE6E02FCB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):108582
                                                                                                                                                                                    Entropy (8bit):5.453389680590652
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:pvGWGGi3mp16a3y5/zOSoPMyVwPgJe2DLpsPlJtWIhx5h6/uxFDv32B+A:purMpsIFJe2iPzx5h6/uxFr38/
                                                                                                                                                                                    MD5:4C4112B99FDA13B8FA5373D379F476FB
                                                                                                                                                                                    SHA1:2422AFA9EA5B204FE84CC241CF6EDA2C8B319FA2
                                                                                                                                                                                    SHA-256:99730524E53CA07481F8CDBBDACE228AED42ABC19D2277D26C42F47653F3CF07
                                                                                                                                                                                    SHA-512:C663A678D0EEB66697F430E785C32FDB021A40C6456807F3842FA0E2C9AE3450FD59C3EE15E9A0975B8D100FC7C7118A06AFD595404A29D777780106C8E1AD4F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):170643
                                                                                                                                                                                    Entropy (8bit):4.97301585978007
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:KWFppsemP4lV+TQUXEmOAdOiOFIQgIvZfbRrK5VH934RzDqa7BLuW1LV2Lle9X+p:KWFpp9mQLPQVOAdOwQgIv1RcVH9IRzhM
                                                                                                                                                                                    MD5:5D77BC0C2AA843EC5BE6A3614C062359
                                                                                                                                                                                    SHA1:0B22C3376169A5BBB4697D586E4A0D3094739DD5
                                                                                                                                                                                    SHA-256:EC6654FFD877EC62D8AFCF90469ECEF5790E17C7306654CFE4B905DE449B06D8
                                                                                                                                                                                    SHA-512:A2CF1FF9F7020BA1998A7091B802DD1AEB59BF2B800A41FF221152E2D017435372BFCD52EC454DB543E856288E2DC381DC46A7926D4BB4B917B8749657FEE0AB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):111961
                                                                                                                                                                                    Entropy (8bit):5.78637987197169
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:ufxhFgi4HHK9eDpYaQWQtTe7hukM+zBHCYaiggGP352wmQPE:hBSaQWI2ukM+zBHCYauGPp2wLPE
                                                                                                                                                                                    MD5:BA56090D9658733694473C7861D04040
                                                                                                                                                                                    SHA1:DDE05B47D06FA81ABADC1B8F74E5993D0EA61CA1
                                                                                                                                                                                    SHA-256:D7BAA6B1C0355E1CE9088C6EB508235C7A640BA70CC7AD84C9AC607026400495
                                                                                                                                                                                    SHA-512:ED49F76F2EF4975E105FE13850258A51E44D0FFA7167A52B398276898237636AA50F62209757DCD756E3FAEF5581E314E261BAA3A1E46B183A3B93AF68605C59
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106585
                                                                                                                                                                                    Entropy (8bit):5.474857990972114
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:RU1M1nublajdqz6HYogW4xVivgnUhXaA99DqJdIqTCORahNNi/fzU1BwwRqt:RUpZWqzon6x8DgIqTCO6Li/fzMwoqt
                                                                                                                                                                                    MD5:B1E33BBB0ABBE113A024694BF4608C5B
                                                                                                                                                                                    SHA1:A157C8578685F5084FD805C9D0734BC7646D77D9
                                                                                                                                                                                    SHA-256:48E9004441F8AFB200601EC2843A03892076DEB1706E1D3A7BBDBFCDD137AB57
                                                                                                                                                                                    SHA-512:94854EB7021AB112B710332A410AF53E59A42C4A501EB02098A41004613E5B2F7727A192C74E2A1C17BFC584A85477E75BD1EEA0187E79DB1DE83C8253BEC322
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):161804
                                                                                                                                                                                    Entropy (8bit):4.913015445699687
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:u6umjOFT3hFmGK7vVsY+f1GX20Dl370BQn0yh9K3Y+Nst3r1GLTL6itWYJ/k/Zp:HT+TP0B7XDp370+n59URV/k/Zp
                                                                                                                                                                                    MD5:C56D29BCF5FB38EA25AB1A855690F9A9
                                                                                                                                                                                    SHA1:F3161F2890971EF929473C58654DAC0718983957
                                                                                                                                                                                    SHA-256:68A04BAE37629675C49D9AAEB68A1DA974AAC427B61151A18F3210499702202D
                                                                                                                                                                                    SHA-512:551A72041772737139190894F5DEE50963F5597A2271BD2E94AF390CAE34967CC435BF5504601C061CF6C2CCCCD19E7BB708538A6789F185412FC715E85D54BE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):98495
                                                                                                                                                                                    Entropy (8bit):5.49554714075014
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:49G15Swi3ANlCXU8qwJ4Ey9HdSfvlALur/WLdP/ldO12D2CMqeLKBqQOPXE9b3cY:JTvi3AKT8OCbU+Vn3
                                                                                                                                                                                    MD5:2BEFBABEABBBAE5E7C57934ACC5CD41F
                                                                                                                                                                                    SHA1:D48E9FD4D73627F4DCC57EC31924D97F6FD6B8D1
                                                                                                                                                                                    SHA-256:C63E812FEE929492974C9B5DFA14A7587258E6FABED355A105015B296246B068
                                                                                                                                                                                    SHA-512:8E06850701C6BC2A4A5ED8B9D59F68B68D631BE7B037E2DF2A738B5A44D36A37B1419E739341A00EE7681249A434CA69BA53BBC58FF0F204322F7DFDE2D43405
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):100164
                                                                                                                                                                                    Entropy (8bit):5.339155264286809
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:AUaDx9XlYKed5nDi5jXmQtVPGoHLeH+jKHw9E:AU8MnDiZmIVaH+jKHw9E
                                                                                                                                                                                    MD5:2490296567A1CD3C7B0852E1ED7D115D
                                                                                                                                                                                    SHA1:04B527742CEA9487344AE08C463D6FD4BA16B1CE
                                                                                                                                                                                    SHA-256:8B07BFAFA5C97BE2DA9B6146535B7848D88A44D43A45AB06DFAE286D93FD64CE
                                                                                                                                                                                    SHA-512:B930C14847012E12BB19BF217C79516C569FC163204D9C2B21A36F6F5061A50C3EC057882970517FC3BC4BEEBCF3D1B1402CCD521404CBA827309940A5496B3F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):251131
                                                                                                                                                                                    Entropy (8bit):4.183819952310117
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:ow9AvDLcYemZ9w7towiy+bvnTDE2k4ca6QVW0LlGJfB1okotPttRmL+EG5aIAuwA:39I/cXmHw2tRBp
                                                                                                                                                                                    MD5:8C8B63DFB6DBF75603D3E2E4FE981F9D
                                                                                                                                                                                    SHA1:3E7C9A1A01526367B016DF20822A41E430328E94
                                                                                                                                                                                    SHA-256:22EB9D73331E92C898B27546A9E775FA8DF0FDADA391734A9291B2A016662652
                                                                                                                                                                                    SHA-512:978AF09738B4E00BA58F91B82DB6CD455FFB3CB4951C25ABAF79B8159C6FCD9212348373EF5A5A421F9FF5B4604A3F5B54AEA3257DCF566807B6A84824CA54BC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):233512
                                                                                                                                                                                    Entropy (8bit):4.394219369228384
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:O9cJA6UspbDcUSanSBXvQBgIiCQvWSsxU/dUVo9wLwxEE:ocJA6UspbDcUSanSBXvQBgIiCQvWSsxU
                                                                                                                                                                                    MD5:C370F82FF93880C0F32E63CECA8F1050
                                                                                                                                                                                    SHA1:A1190895EA7E699621F930C9B4B672B786FE1D9A
                                                                                                                                                                                    SHA-256:2DD8A542EE0778EE39639380208C584D9EEC8932D1307BD5563E1EAB320FE0D8
                                                                                                                                                                                    SHA-512:BE8FEBB9CE42731F6F3DBE0775D2BAE10267F0790CE7BB8B437C4DD5E736FC28772812231B0A4A39B28DAFC63D54D27FBBFD94375DBCEB317FC43DEBBD566844
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):199961
                                                                                                                                                                                    Entropy (8bit):4.471892692957686
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:aMMGozCJFkcSCkIOBrQrUXFIw3reJZK8Q9w1p7ETsGpY0bhdxPtA0kC5/0:aMMnzsFkcSCkIOBrQrUXFIw3reJZK8Qm
                                                                                                                                                                                    MD5:F265EC50E0EB62893FBC187C1C962DD9
                                                                                                                                                                                    SHA1:5A60FF7287E5D4E35F000D229A4CBB37DB76ACC0
                                                                                                                                                                                    SHA-256:CFFD61F7954CA10038529D14FDA6A4E34C8EA1A9F202EAD0B0C2DB93143EF485
                                                                                                                                                                                    SHA-512:696140D16655B6D1C17D59B3E280F3F387ADB8AD58C4A0D369925BD01CF03A3FD934C3B8E02E9E868BB64F81E7CFBFA532E732D1CD705C52C7B0F588765ECBEA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):103632
                                                                                                                                                                                    Entropy (8bit):5.620092397160877
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:uTJeZiainAmSngesR/Rv2NEiOwi1PNpskBa5Y8GKhEtJj3:bZMAe8NEhwiBNps2r
                                                                                                                                                                                    MD5:D8373D7BC1BDEE4CFB48D85694A78FF9
                                                                                                                                                                                    SHA1:323408E39B2C953728420E5F21B1D1EB25DE6C2B
                                                                                                                                                                                    SHA-256:B1B66BFEC0AFF21C64EC8BA3F19008501F196F80E7E41B2E8AE73114357DF458
                                                                                                                                                                                    SHA-512:6960D7C0481985E0F151D66D047A02E7C31CDD670AFD71A0A3949B9B0AB9E083A5CA55FAA48E38C8793EBBF1218A4503043867D1999B163A923E5AFCE8058888
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):171613
                                                                                                                                                                                    Entropy (8bit):5.007044552893733
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:fxJB3IjwWDCj+KU/TI7Yf7/QLNiXMMQOCqbCEb4UdL+v:5JB3IjwSrILNiXMoCqbbW
                                                                                                                                                                                    MD5:E87CBE2CFFA7D3A95A8F837231D6F44F
                                                                                                                                                                                    SHA1:40F7D1602B47C7A7AD445FE04377E3145F8CAFF7
                                                                                                                                                                                    SHA-256:FA035595C375522D09F9DE5A545F5339FCD3DDB224FB19F1828A7958B7DFF3E8
                                                                                                                                                                                    SHA-512:4A8B970B50DA8B92B824C92C6075C8B4440826DA5A581C91AD6E5B78BC65E3B80BE0080E4FBB20AD91E3EE30F8A3A05CA6925E93C76C8D2474CDB9A8825ACC74
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):122329
                                                                                                                                                                                    Entropy (8bit):5.79701593057625
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:2KqJQj44KMPnMpPiz+sEqOa2WYmc/14Ca1bNeqhzi5OZpW8uTtdLpFeSZTzeNQ:86Zac1bNjzioZWN1
                                                                                                                                                                                    MD5:DBF8363FE244C7D45D44E987D7194566
                                                                                                                                                                                    SHA1:C3BF0058F956FBD6FA0AD89218A22C7668964B30
                                                                                                                                                                                    SHA-256:044C48581C2395A8EB0F85B5905E1B4CCE1FC1FEF2196710CEF06E197AFDFA99
                                                                                                                                                                                    SHA-512:0953C455581F045A17E2AE35712487F36603B942F754805011047E4DCF531062D1DC1C8755F022177F7E21B7AB52FA71DB5EAC7C524424E1E5A2563429318E34
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):90960
                                                                                                                                                                                    Entropy (8bit):6.704102795095848
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:fS4xPz13JLazuzqWI3EnkHhE9vcolEclL:K4Zz13euz3+B8pl9L
                                                                                                                                                                                    MD5:D9FB680D115846809114DE2B35AB4CE3
                                                                                                                                                                                    SHA1:D1F68E0181233C98FFBE91B09910B9D87C1E35EB
                                                                                                                                                                                    SHA-256:690DAFDEB5BE360E8B3A84C711D0D48B3CFC74C871B89A8F03F8058738CA9834
                                                                                                                                                                                    SHA-512:5968BBA15BEBF047DF19B519DA87BDE959CCF1E564012043EA390B3C1E572BBAED79B8BE6BFB884F4F9DA8F1C25F3E6709D6620C582910DEAF723906FDB04525
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):90921
                                                                                                                                                                                    Entropy (8bit):6.701067465304723
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:Nx0gkZ46QB0MYZ2wcxAhdmDMQ+23mVcb7/8sfjkMQP1Rh5u/UxLiow5No4V3XiP9:PXkZkaMs2TAhdmSYkg35N/9XiPm45ycd
                                                                                                                                                                                    MD5:D0141FD3E851CDB790549C069A76ABCD
                                                                                                                                                                                    SHA1:3DA3787A8EA94AA066C5E5D17E42481330E0CAFF
                                                                                                                                                                                    SHA-256:8187E67CDE3292C6F18EA0A40F8F8D3F2CD604E62FEEC9EC40C71B5D2BCDEC9D
                                                                                                                                                                                    SHA-512:947E19E8FAD3A761E5E1D0380547A8F9BC06F28CF8103D80865EB9CED9E3ED3D601BD92710EF1CB9FA68D56EB62AE95C1AAD78145D455BCB6DDA1B8C280F4162
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5086580
                                                                                                                                                                                    Entropy (8bit):7.950996931086051
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:y300L4ikWDclBYMiqOs7y33cJIVh1uiUdrwruUFJ7rK5zkIFvd4XT8:a0Q4ivKYMDJOh8iqkruUXrK5N
                                                                                                                                                                                    MD5:D22A5445F36B9FFAAFC235E56AE90456
                                                                                                                                                                                    SHA1:C6ACEFDF31E440C71FF830EB9150EFE69775EC63
                                                                                                                                                                                    SHA-256:7B94D96C56DF3635CD72EAC4F970FE3B2DF97749427A4E7986612D86AAE4B6A8
                                                                                                                                                                                    SHA-512:DEC6C599ED1045C962A4BD52904EACE69C0D323EE68E4ED67B56185EA36712FA4CCF138E7F9552F6483C9C62D5D63E98CBD61B1A0C84A4E6F5F625BC58463673
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):33533261
                                                                                                                                                                                    Entropy (8bit):6.983309746822775
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:786432:AiT5S95DFscBz4mm8kQ1DyAsDlmV5lx5/83tIyS:sUQDy7lq5lx5/89HS
                                                                                                                                                                                    MD5:DF6EDEB9D99EFAB9F1763F8B7B4AF1D4
                                                                                                                                                                                    SHA1:76BCDE2C502088E91CD4D2E5D221689A6D65F5F4
                                                                                                                                                                                    SHA-256:33276A92077D6988065CD0AAFCE5485AE1334A997C4EE389C595842B0EFCB192
                                                                                                                                                                                    SHA-512:6B2D07099B379E772E6B91B4441E4C8C730A1BC5EE7BEF6DD51225B18B670DCE0E25D5AC3EB14D29EB8F774E06348F08E672DEC81628F1CDE44C7885A4A0AE0C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.............{"files":{"index.html":{"size":3436,"offset":"0"},"main.js":{"size":124517,"offset":"3436"},"package.json":{"size":2792,"offset":"127953"},"screenshot":{"files":{"index.html":{"size":1672,"offset":"130745"},"screenshot.js":{"size":17234,"offset":"132417"},"style.css":{"size":2157,"offset":"149651"}}},"assets":{"files":{"audio-meter.js":{"size":1943,"offset":"1471702"},"draft.dev.js":{"size":173138,"offset":"153751"},"draft.js":{"size":167143,"offset":"1473645"},"emoji-toolkit.js":{"size":385244,"offset":"1640788"},"owt-sdk.js":{"size":237312,"offset":"2026032"},"socket.io.js":{"size":62384,"offset":"2263344"},"tiny-pinyin.js":{"size":8822,"offset":"2325728"},"webrtc-adapter.js":{"size":129654,"offset":"2334550"},"webview-preload.js":{"size":505,"offset":"2464204"},"srs":{"files":{"srs.sdk.js":{"size":20469,"offset":"2464709"}}},"highlight":{"files":{"custom-lang-list.json":{"size":346,"offset":"2485178"},"highlight.css":{"size":3127,"offset":"2485524"},"highlight.js":{"
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2339216
                                                                                                                                                                                    Entropy (8bit):5.935167406749005
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:iLSYDuAhokCBDCxayOkHghUnBzQSJPoQPvZ+bvPP7aBnOSTB79F:BaorA5HPoQPvZ+bvPP7aBnOSZ
                                                                                                                                                                                    MD5:4BEC9A3145BDF3E70E3F85D6DC96D20D
                                                                                                                                                                                    SHA1:B5BFA0123478506F1E6CD8DFBF9C493AE5488915
                                                                                                                                                                                    SHA-256:4B4DC187C6AD2E5A31773F6B9054D979F0F9E6249EC175C4FC1DF6ED75AA10AB
                                                                                                                                                                                    SHA-512:728828D9E66641B43131FFF101A601B9FEB410F22220A03565B3120B607E89893E564B4E5710FB495A93307529B3F9C2FFB655D49567EA6372198823D2AD61C7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:exported SGML document, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1460
                                                                                                                                                                                    Entropy (8bit):4.9909596798699365
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:0dOwelYbiearle4+AsArDNM+VScrV3LyZ:CO3lTRlEmriyLE
                                                                                                                                                                                    MD5:B670384C4BFC5EE9B651BAF1889AF88A
                                                                                                                                                                                    SHA1:0A525730F3E51C03295C9973AF46909F0B75AA06
                                                                                                                                                                                    SHA-256:3BBFE9E6A2CC2648842566A9262A8C3B526D2A78E9882D085AA2097E2D3498FC
                                                                                                                                                                                    SHA-512:54022E7851BA80AC6C23A7BC58DED50EF8A1825B3ECA2E67B619FC6531FE3E2DD8AABF914489FEAE65FB5621482E01831AEC8B20B9AC95E24C317D441D742E14
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview: <?xml version="1.0" encoding="UTF-8"?>.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. Administrator -->. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">. <security>. <requestedPrivileges>. <requestedExecutionLevel level="requireAdministrator"></requestedExecutionLevel>. </requestedPrivileges>. </security>. </trustInfo>. DPI Aware -->. <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">. <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">. <dpiAware>true</dpiAware>. </asmv3:windowsSettings>. </asmv3:application>. OSVersion -->. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">. <application>. Windows 10 -->. <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>. Windows 8.1/Windows Blue/Server 2012 R2 -->. <sup
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3468176
                                                                                                                                                                                    Entropy (8bit):6.4462525831402
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:myZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQ3:z9fWAwVBC8MH2JNSF8+YPsXqUT3
                                                                                                                                                                                    MD5:5DCC1B349BA79639022FAD009EA6613D
                                                                                                                                                                                    SHA1:44B358A1BB912592A0E5832EC2DF4154AB7550F7
                                                                                                                                                                                    SHA-256:1248C8C8C98BBD8433A21892B15FDF17224A7F5E202B98277EA4390020602D66
                                                                                                                                                                                    SHA-512:2A2C0704B7DB6422E0726B07B4FCB1A381BE745D921FD96349EB878E611A99DEC51680BC2AC1FAF675BC7F72714F129194DB0977537D52D1135567BE1C20C777
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5309328
                                                                                                                                                                                    Entropy (8bit):6.855506589344062
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:93QkIHj14FdDhqJsv6tWKFdu9CjzHveRnZyxEdmY:9gdnJsv6tWKFdu9CjzHe7
                                                                                                                                                                                    MD5:89074A4117D80804F9D832A74FA633BE
                                                                                                                                                                                    SHA1:D6738BACB770ED0E3AC8D0662AB456EDEF6BD1F5
                                                                                                                                                                                    SHA-256:086A3BF1A105F9919B06A8D9ED662F6C0923B9249B3A4C5CE2F621B34F06B7B4
                                                                                                                                                                                    SHA-512:321A042D16AAFFC15789DE06691F4534B8B2C0149327170CB28EA07316048D9E9EEAD8BD7DC3AAC50F5D902E37840DBC72877EFAAEDA052F513A808A0351D78B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5989776
                                                                                                                                                                                    Entropy (8bit):6.783582661022876
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:98oNJzx4w24LwWotu+PNlwL9PmEZ23Cec:nBbUuCPwNj2CR
                                                                                                                                                                                    MD5:26E939424E333CB2C71CADD5DF76AA40
                                                                                                                                                                                    SHA1:56A2B2FB7D0D11407B21EF5409E768D8735482A6
                                                                                                                                                                                    SHA-256:8B12AACF901A17A73E495C7277A1249C56C7C5DBBD0A64B85BDA54B9DAB043C9
                                                                                                                                                                                    SHA-512:B8D282BE49F70A9EC3A4EF9DFD7C9F8DF70DABF9D8B13D8363DAF0AFC2956FC29477C1D6DE41E791BB2DE678ADAEF23B992DD1665BACE1C9E8FF5D14B86EA66E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1126288
                                                                                                                                                                                    Entropy (8bit):6.688052987695129
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:hNfY4/b8d22Gmou3ZjRkjZgUPiV69DrOMxpqDc0EGQVzKaHBp:5Ad22GrziVaSDcka
                                                                                                                                                                                    MD5:57A3618E90618FA434325E478049E5E8
                                                                                                                                                                                    SHA1:C05081CAEE8BCCF27B0995EC3ABEC6B32234DBC5
                                                                                                                                                                                    SHA-256:757CE98E65ADE9D093D4E0D2DD9E03B279B1F0F9C5349DDE667060A973FFAE4D
                                                                                                                                                                                    SHA-512:CD59C3BDC57FB0FFFC690706A023FF24852997B4E67D854A23FC3D2A6B4FE49AEC79B142D88810AC4733986E57FFC4BE201B98272BB340DF3E100C53CE72C61C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):283024
                                                                                                                                                                                    Entropy (8bit):6.808702698000671
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:44II9g1KI2MdfiJl/13VytiQ8y8DvEt/Q7FYxyFUUv6Wa32VXxWFaHKX6PC:4P/V6Jd7LKqPC
                                                                                                                                                                                    MD5:3668B615E1F9E74F1BD238D1DD7B66F9
                                                                                                                                                                                    SHA1:4FF579439B2BE35E2B640F4EF987D7446E8C549C
                                                                                                                                                                                    SHA-256:43C7E9C2EE148497184EC7B91687B128E67B06EF3492B62674F029002477FDF5
                                                                                                                                                                                    SHA-512:0D713589572AD350126AFC1B017576612308772C80E4A0EE73C01D53D2B69F1E9682EFA56678E85058CCE575888DDE1A7FFA991324554EDB6A05F8266466BDE4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4606864
                                                                                                                                                                                    Entropy (8bit):6.823833501115706
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:81CmFlF05UMNO1ulAjhDfTbz7quDp+bXa6gYzdkSPD1UZlH6uV75uDdHBclxooGc:Cf59iJ5u
                                                                                                                                                                                    MD5:6ED28BE1C72C4EBFE33E7972F68C88F8
                                                                                                                                                                                    SHA1:6F5A4832C81DB6DBA7404FED05438E586F5E1AEA
                                                                                                                                                                                    SHA-256:2CAE494DC1E85E77DA97750A52A6A628560C8DB5C102E9A69E4C40A1BD4A74F6
                                                                                                                                                                                    SHA-512:62C6FE09C4B3BF3AF466F5DB575F2396C012DACE1B86A9F30529AA3F5C64B5EAA3600C0581482BAF16B7842524E912841581DC8617FD4C4E6FF4C57800D72DE2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):54672
                                                                                                                                                                                    Entropy (8bit):6.85148330274621
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:AEwY4mw54AJRsga0dTcGS6D1bXfpHzxiLNHzxpWZ:hwY/w5H00B9S6D1zpH8LNHWZ
                                                                                                                                                                                    MD5:8CB9E07E032A9D5F429838B31AA11C7B
                                                                                                                                                                                    SHA1:DACBA5E2C6679D3864C4154637AD00C25B7E6915
                                                                                                                                                                                    SHA-256:6882E74ABE76DF1FE3DE4798A3E1EAF57E1DA73D63D2DAA057F973ACC2355AAA
                                                                                                                                                                                    SHA-512:AA9E80BC9579F7B3768CAD5141DC5D43EEBBD0EC1625EDF7A237518072CAB323112E3D7F99A1BFAA5925E5352D1A90EDE0400F1D4388BC701C5F1A91549DF91B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):45968
                                                                                                                                                                                    Entropy (8bit):6.915502335912708
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:7E7X1LJChKSkvyOLvVkxeZvhMgpEk41tLHKENAMxdHKENAMxsmi:oT4K7jVk8ZvhM2Ek4fLHzxdHzxsmi
                                                                                                                                                                                    MD5:FA897443E4F32A8006CF7D4E41AC5958
                                                                                                                                                                                    SHA1:E095C2810925DE18EC7FD9B878DAFC2A298EB61D
                                                                                                                                                                                    SHA-256:125675D057A920272D8F6824F9562CA9D6E5CB557E515AD015FFC414FC459C39
                                                                                                                                                                                    SHA-512:FE2EF7705DA022E75882F020AB956C37EAA13E1C4AE7F3531FCFA7ABC59ED8C790D995FCE161A44057289DA8092A636FF3306BF1925FE6434DB83350AA438916
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):42896
                                                                                                                                                                                    Entropy (8bit):6.872158904081046
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:4bB/xMPX85dEQQSudZ9gR98M5/UoxOShcNJdHKENAMxCHKENAMxk:4b3I+dVudZ28M5/3xOShmHHzxCHzxk
                                                                                                                                                                                    MD5:A385117245DDB79160E9DFB22E0E2596
                                                                                                                                                                                    SHA1:4AD497C125B14E35791D1D89F23E7E6817DC5B5C
                                                                                                                                                                                    SHA-256:B201274AD3EA440FA435145F58C77F7F723E411573F534E573C1333108CC2AAC
                                                                                                                                                                                    SHA-512:F2C18660776EE0DF34CEE6909C7F2F879CD658FA8B1CD26658D763B1A699B329CF3AB294B3035D8E1A5179488BE8760EE2A72AF6961481ACCB6C25D9551CA9CB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):51088
                                                                                                                                                                                    Entropy (8bit):6.913913193584348
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:RqZSHDIwGDb4WzFmm35+H3YEW1T/IzJBim6bNCHKENAMxcMT1HKENAMxIb43:znGPFmuEW1TgzJBim6bUHzxcM5HzxIc
                                                                                                                                                                                    MD5:60A5CE7F528CF5A621D50CCB9551C276
                                                                                                                                                                                    SHA1:3735AA6B65701F52F28C5CF1BA41A3D62D3178A1
                                                                                                                                                                                    SHA-256:C558BF3636E6434100A3E3FD0059D8F1E01332B07039830A6AF9986C3A96F31E
                                                                                                                                                                                    SHA-512:E0161B933839BEAC125202C9E0C6D846360086EAF424D5042349D944E82C9D477619D239AD9879AD476DB88D70578803C0BF5FE7D6E5B8EEAD25F9A3969D26C8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):42896
                                                                                                                                                                                    Entropy (8bit):6.8860773507018616
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:vfCWKJEH+0wYyCqPWHy37BejWoC56sMPHKENAMx0HKENAMx0:Hl7+0w0QWHy37BejNC56sMPHzx0Hzx0
                                                                                                                                                                                    MD5:3874942FCC9A5DA64BBCA2C01C45CC57
                                                                                                                                                                                    SHA1:2E4EA65E6196CE07B3CA4F00CCF95D83466C02E6
                                                                                                                                                                                    SHA-256:7981A4AF429BEA106FC4C83FC2002F3A97D10F24B04BA7BE92242AA69A1EF183
                                                                                                                                                                                    SHA-512:38305C0473AAD6406AED2F4C7F2169E5BC908095C9051D9D058FAF5F3575735B67CD0517B374074C37ABA97D5ED7E8F4F5495467D6A61CA4C136E6C9E8DEFAC9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):382864
                                                                                                                                                                                    Entropy (8bit):5.747959823101734
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:TgMI+xk4g+EAgi3RktRjDqrZsLOi5mAlGHqsA92VtgzBnnMacCV8W:k+zogktRd5jGKxb8W
                                                                                                                                                                                    MD5:EA24C98B482597E40D81F0BA8D57F486
                                                                                                                                                                                    SHA1:8EF732015565982416AE6D9A77A3664EE189AF5E
                                                                                                                                                                                    SHA-256:D292C82CD5BA940334EA41ACE41280F7F6B4B36021FDB3AF2193CDA4883662E0
                                                                                                                                                                                    SHA-512:A90321FC67FE6C0E789957260D94314296971E7ECA8C3971B5A3C38960FDB0E3592BCD5CC14522D334C1096AB621357FDB7CCA693D65999A1DD2E7F82AE4BBD4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):38288
                                                                                                                                                                                    Entropy (8bit):6.8698142980138295
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:l59K0WZmBaxfz0Yu646rA9fJ0hTBmoHKENAMxy5HKENAMxC:UBZmB4oYu646rUh0hTBmoHzxkHzxC
                                                                                                                                                                                    MD5:19BE0EFF55B5D97D869D27B8B66B0F40
                                                                                                                                                                                    SHA1:FAE6C6F454E5043E9C055E50604E02E86C67835D
                                                                                                                                                                                    SHA-256:6D38720353B4C4CC939A2FFE5F6994BDEC6E1C0C21395CC2FC4901FEDBAD8667
                                                                                                                                                                                    SHA-512:9798808EFA4726EE7DE74CB8F61E895BBAE3E66AAA6C0DB58D230C73C59E4F923C9E4C6337F1F2C5778D41AE99FA154AA06222B41E9C7BAE579E365F1980C3C3
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):37264
                                                                                                                                                                                    Entropy (8bit):6.87134604185068
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:tMtieINC1nEPOlW15ySr2UYHKENAMxWpwHKENAMxL3:mMetnEWlk5ySraHzxnHzxL3
                                                                                                                                                                                    MD5:88FEE290C428E486A78B237F4B27B7F7
                                                                                                                                                                                    SHA1:7EE1BEE2A2331013BDDCE12B640F343D1E4CC7B6
                                                                                                                                                                                    SHA-256:3F0694463FC5C9C8507379FEA25380EFF128B7980BA964A939EE06040079E51A
                                                                                                                                                                                    SHA-512:678628A4F41150F96360FB77B142CD5E1273227E99D9502D42AA22BA03D4AB9E5988E53B890281FECA7835FCF2C7C6B73C23A47481B071734C073DD46E1E5113
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):356752
                                                                                                                                                                                    Entropy (8bit):5.891538663927579
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:T8kpgJ4+mkXVTgmxadjwgMYxIzjtOSBsDEilzDZmmTedj1vMX:xS5msxa9wgMYxIzjESSDdQMX
                                                                                                                                                                                    MD5:DDEC0C42E2DA33B514E1204F090F39C5
                                                                                                                                                                                    SHA1:517BBC497C512389ADC5957F63AE55E1ADA5EEC8
                                                                                                                                                                                    SHA-256:DD0D13A90F057EEC23776AE550C01AEBEA06BB67CC3D895A7C87F82B24B80541
                                                                                                                                                                                    SHA-512:DD0A311DFD832545E91D7DA42559D7D5D1906314725EBB3D460E933140C0E1550033572446AE96AB97502DBCB633999C5061B6E317D6C027E5BECCAC97444BF5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):36240
                                                                                                                                                                                    Entropy (8bit):6.965757484295499
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:nDY63PGqCOYUShmPE2DtnCpWpJeHKENAMxRiNGHKENAMxR1:neqCOYQE2Jn4WpJeHzxRi0Hzxn
                                                                                                                                                                                    MD5:07EC2A9DB5A418C1AB1764F6D3EAABE2
                                                                                                                                                                                    SHA1:8B67354F2C3A45603ABCBBB28B06A0E6555AC928
                                                                                                                                                                                    SHA-256:E5BCC71445A60E7A09BA773A21866C6F258B165042A75C4286E929E3BB1C4024
                                                                                                                                                                                    SHA-512:0EBA69C45325ECC797DCFE0EAAA123BD91D7C750DAE5C3E51017EFC15987F7E86374CC3E58AB793B3B026181DC55BDEFFDC2240275B93726AC27952D157BA07B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):445328
                                                                                                                                                                                    Entropy (8bit):6.800670811406403
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:fvl6MS+E+D3l7+nhHQnjCLm0XwUTPciK+TXpWoOB3TyxWMeZEZdMxZ/EkcTd7F4m:Hl6MS+L7+nhlL3tKCWJyxR/ZtF4by
                                                                                                                                                                                    MD5:D0F1B3F467A73EDA65563F30301AB6EF
                                                                                                                                                                                    SHA1:178C1269F7B194268F4461515417DED0268AAA74
                                                                                                                                                                                    SHA-256:3787586DBB8D8799E39248E45D86A841FE9A140C03538ABFD0A6AEBC06992D1D
                                                                                                                                                                                    SHA-512:E89C6E155F565124842ABA3A586E567110A7FB5E86267D95C4CD4658506481896C9038DCFEE9AD7E8B5CD630BF0750D2CCF1D68C2647DF58EAD47F9AD505D7A7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32656
                                                                                                                                                                                    Entropy (8bit):6.951564659828381
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:QMPchoQXjM6ZhEfHKENAMx+LCSeHKENAMxEQCj:HchoQXY4hEHzx+LCxHzxEQCj
                                                                                                                                                                                    MD5:3116871B68407AE5BF93EE0C12E3ABA9
                                                                                                                                                                                    SHA1:D7F19B7177C0319AA15A78EBE44BD41F741D30CE
                                                                                                                                                                                    SHA-256:FC01281FB4EEB4A1D6AC78548C003389C7F1A0D2DA68C788FD8BCDE8F2173339
                                                                                                                                                                                    SHA-512:1458FA1ECEB50D575D206E37FBCDC7EF85E489DAE907D02FFBC06C33FB359AFED39983AABD0F25379D2FFEBF25F56A67A231D38A5F37AE41DDE402980B517D93
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2868624
                                                                                                                                                                                    Entropy (8bit):6.542157474173547
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:aOdBHA+8YIQe/dC0sycRJxV/NVlL7O0drSj/ZmLWx:ZVVI3djuxV/NbAV
                                                                                                                                                                                    MD5:517BDA35CFE0E8FFF42422D4A6395EB8
                                                                                                                                                                                    SHA1:8D14E25B9F8F51F853DC9CFE9352B2C1A0D52509
                                                                                                                                                                                    SHA-256:9E45ED321C398DB7DDFE2897291AABBD44D89EBEDA8C0B5C215936FB5E75CD81
                                                                                                                                                                                    SHA-512:E766065EA6435331858511E389E2082DA7A49BCDA3E0C6050590AC0ED4ECBA5F654374C8D5EA59FB45A3580A53FDFE388E3D465AF2037ED6317F9FD410BD0B4F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2541968
                                                                                                                                                                                    Entropy (8bit):6.2431040181013735
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:gOPpyQunjNqCjputv6GZ8RV1CPwDv3uFfJnstTq:gOPn2LpuMGZ8D1CPwDv3uFfJR
                                                                                                                                                                                    MD5:9B916966173ED030B5A46B88950D63B6
                                                                                                                                                                                    SHA1:07EDFA1532910ECA98C4F1CE65AC6BBD542E52A5
                                                                                                                                                                                    SHA-256:4B84600E4DF7F0CB178D48F8C924347BF061EA89E2B471A4F4E4C6B66C8B600A
                                                                                                                                                                                    SHA-512:900DB82FE602E06A7602BA09CB50CD1379CE4E89752C37455C688E99A29B607DF06FBA4E6A243FC1D44C75CE632DDAD975C8D9FC51EC2FDF3DF5D399DEF4BFD8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):549776
                                                                                                                                                                                    Entropy (8bit):5.81446031379515
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:bDtji7SllnhazIiyYm9VCAmopmFzVU2lvz15KRH:/tj2/m9w3ooFpU2lvz15KRH
                                                                                                                                                                                    MD5:F0E5109643DF4DCEEF61DA43E46103BD
                                                                                                                                                                                    SHA1:4DB740C229CE8070D85A241C218794BE3D03A0A7
                                                                                                                                                                                    SHA-256:30B1C92553F5A77C7AEEAFE4E33FB2F98794285ACB96165CD341D75CB3964CAC
                                                                                                                                                                                    SHA-512:30B95F61F012076311F551CE9163F7C20FBAB68BE301101B3CBF9E1D4D55811CBCB685EA266C748DCFE25ACF9365ED44FA71E2F63141380820C7A671643BE6AE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):443280
                                                                                                                                                                                    Entropy (8bit):6.6833417944383555
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:/WkQOYOpU2PmQ6hB9NvCKNo+eVD4hUgiW6QR7t5s03Ooc8dHkC2esq2q0Z:/qOYOpU9QgB9NvCwo+G03Ooc8dHkC2eW
                                                                                                                                                                                    MD5:8722DCC7D17C563359F83FEEB946C8A2
                                                                                                                                                                                    SHA1:1F6515DCFE7BA7DC2D62468CEDEB23F59E87D216
                                                                                                                                                                                    SHA-256:3FEBC5AA16AFFEBF4EABDEB86569914CF33A751F8C5619BC6E333EC06C4AF08A
                                                                                                                                                                                    SHA-512:1E5175B8848B2E2337858CE6A4EF9FE375FFAF323AE0C9B9750C403984C98C9AC6E4B4EB31B98470E3E4EF9FEB5C7A8724AA1781853560DE0DE4BD3019066CC5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):16012688
                                                                                                                                                                                    Entropy (8bit):6.356091172009559
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:393216:1NkEXgt/UOdyRLjqkmbBDrta60HYUnuedxO0g//NuPyEMO32ovq1:1N1QtXdyRLjqNbBDrta60HYUpO0Q/NuA
                                                                                                                                                                                    MD5:69133545C6189CADBB57D57633596E27
                                                                                                                                                                                    SHA1:F2CF8448488DE0216647F2088FB5FA2DC11CAD53
                                                                                                                                                                                    SHA-256:054648D03FD92CCD4B374C38EF4A28BA75E2705CE2E2286CA310337F17DA4711
                                                                                                                                                                                    SHA-512:6C3ECA29F9C3FF081B9436F91FE632D1C5A2F691B96C9B894BD7CA4E6362B380429557FA9F0CBAA54D0F9A33F5CB1F8D3B58B617FE1289EC89823D4F02B984CF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1232784
                                                                                                                                                                                    Entropy (8bit):6.847630229236578
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:SYCQWyni5LoUmhY4or3D8kSqjPfmK7UpOVpYAlCRegIe5ZpzNAoKu15XSxDyfEWN:bniF3z39xPePpOkaXze5ZtN4bZa0IV5
                                                                                                                                                                                    MD5:9B3211940951FE2751F878824F72097D
                                                                                                                                                                                    SHA1:0E05C1C90DD8241558F83EBEE76DFC6C6E137208
                                                                                                                                                                                    SHA-256:130B9CACD6C35DF5AB720E34E784292692904F87412507C57CE846916378B8D2
                                                                                                                                                                                    SHA-512:482568C8C57BA6F1BC246EF256C064AA21B729344D2475A13741D31525B2DF0BE0C0391548A36DBF10D7101C9EF512C28C686B5F3642EF77B3FF733C51BDE5E7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):139664
                                                                                                                                                                                    Entropy (8bit):6.712858289463549
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:ad7EZwu0H8ThK12N8ErtWG9ctleZY6hABwZ0cHLR4NH4MVE/YKfZSz6C6e6jSbRg:J48T0VEh9tV3KNYMG/YKfZSz6C6e6je+
                                                                                                                                                                                    MD5:7CFEB443E3A406597340A8550E08F931
                                                                                                                                                                                    SHA1:E39D980A7DCC6F49B46E4FEA7ED1EF658AA929BE
                                                                                                                                                                                    SHA-256:6DD021143D18260FD7581952A45DF30AAE7FA37011003FCEB5BE7F3CC30D5400
                                                                                                                                                                                    SHA-512:9761237EA276B299A5C9EC8E9CD9F766359181DABC252748EEB70FD50C9AA858BFA9D0C8A5B0ECE628A2AB0E9F1836DBC15166B166283205AED0BEAC9D17131D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):160010
                                                                                                                                                                                    Entropy (8bit):5.356016965796742
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:hGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzLKHC6Jp9NV0V7:hUr0RACkIwDEpV1Lgf16btw3Bb
                                                                                                                                                                                    MD5:E7EC8B6E07D62634777DBCB47BD611D3
                                                                                                                                                                                    SHA1:67B0381A54F966F59D6AB89FFBB4AAE532A5F191
                                                                                                                                                                                    SHA-256:820EB8876A61022B371D557EEBD83A99A3872C6E93ACBF3E98026DFCB3CE8EFB
                                                                                                                                                                                    SHA-512:D7F13F626854D4186122D0739392207A0A774CF750AE99131281B990C625624FDF5541BC3BDCF3FD44318D55A9287146BB74193A14EF4BDE3F8D2F477C7778B1
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):165327
                                                                                                                                                                                    Entropy (8bit):5.332110019894515
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:aULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:aULpIVFnpwUiEujw27ncUQUz
                                                                                                                                                                                    MD5:6BCB7BF161BBE019CFAEEE7D331E3E79
                                                                                                                                                                                    SHA1:03FA92B55FFBD74DAC958934C7275D32BA0ED030
                                                                                                                                                                                    SHA-256:47F5749032C655F8399563728B8E5591B796AABABB631D0BCA9F18D74F4ED6F0
                                                                                                                                                                                    SHA-512:14BCE2EE6F22D725BCB4D06A50B511E801BC7172BDDF304B63B6FDB531DFC9C272F1E2AADA0C3A70E903F3992BAD9F0E1E5CC1B375B8EE96E307263DFB33F5DF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):184024
                                                                                                                                                                                    Entropy (8bit):4.689590376109741
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:ys9nnOd2szfzBzuJe3pEcLOJ/LZXEIphbzSwnVp5ysZ/ebdOA:zBOdJzfzB8eZpOVXEIp9SyPzZmbdOA
                                                                                                                                                                                    MD5:D1D7AB4DA8BC6A6097AF2DB42C9BD14E
                                                                                                                                                                                    SHA1:B2465FC39E774119E4A83D7A4C62516509BEC1C0
                                                                                                                                                                                    SHA-256:44C6B11B0F7BF6B6423D03089BCB603DA37CB9B46BA7B10B7DC07F75FDF9708F
                                                                                                                                                                                    SHA-512:402C788C78F7E9A7FD7DFAB3BF0DEEE9631FCE88590B36173CCEFA59112F4B3191718736773F535AB843DBA31369C6D2883F29DBE0F7F2DE37A8140DEC6CC275
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):174691
                                                                                                                                                                                    Entropy (8bit):4.871810448526154
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:pWjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:piFGj1QfXr8Gd
                                                                                                                                                                                    MD5:987E045E06AEBA29A8E05A074E6BDB91
                                                                                                                                                                                    SHA1:63D1280382E5DA5EEC4FD6F94608FEC8BA5CE7B4
                                                                                                                                                                                    SHA-256:86E174EFF79F096D81146860DD5CA9E946C643A3464C7DA8919C972747B8DF09
                                                                                                                                                                                    SHA-512:ECC03B78668A2C791EF74071B719204C8FAD6DD75E4D9B7C1D57B9A45DB5A5603A657BC71469AC8D11C464C0CF153234610CB5455924347A98FCBA79CE31565B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):174098
                                                                                                                                                                                    Entropy (8bit):4.764849595574624
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:/2NZ5yZ9jFTkmq/gnBiW/+PcXrqH2olYz0DGdaS4KSLZ0kTTgTUR0toT:/mhH2Pc+CT
                                                                                                                                                                                    MD5:D541CC7F5EA2248E72D2E86CE6CBFA45
                                                                                                                                                                                    SHA1:E05158572255FD30F5F118453EE6E6551D4DB6CA
                                                                                                                                                                                    SHA-256:423E88732439997DEB776F45F1B808F446F8023AB25FA925E949EC27724AB7E0
                                                                                                                                                                                    SHA-512:24FB6998DCB66327D17100B0E364F6370A120190E462B9F574DC5C935F0CB12778B1B9FB5D2CE5A432BCA606D16B42C8C135211AD8926143591830DEF89E77DA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):214049
                                                                                                                                                                                    Entropy (8bit):4.630739510084704
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:xpmlxjh6JEB8XVXYWpSNEegQ+vaD+p4N8DDiEKagwGX2lh1FRh6tfedrXPYXCZPz:2lCjK86jxh2p
                                                                                                                                                                                    MD5:73911D71DB30DE43F856D4EA9E911837
                                                                                                                                                                                    SHA1:16E6EC19043808EB3A3D1256EF987DBF7CF126B6
                                                                                                                                                                                    SHA-256:AE34D874BD5A6D11A2EEE605E07A7C6DB2FFDBC998CEB8CFB7C346DD914332BB
                                                                                                                                                                                    SHA-512:DADF70112CF75D251D65796D79B76DBA04EF2DE5450188F40660CB5B24747E51EB95710FA9CF1E783DD14F266D521A9032B1034FDE0A6AE876EB3B7A9AFB10B8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):23
                                                                                                                                                                                    Entropy (8bit):4.229871195093384
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:j2wZC4Xl9t:Cwpvt
                                                                                                                                                                                    MD5:4AEF4415F2E976B2CC6F24B877804A57
                                                                                                                                                                                    SHA1:2AA2D42C51F9CF024E3777F0DDE4270388FD22AE
                                                                                                                                                                                    SHA-256:307CEF95DD5B36FF215055D427E1885B7FC3650C9224CF76D63056545996FF60
                                                                                                                                                                                    SHA-512:C75F089A95107997B0A786E7C1191E48EC7A69AEFFF97DAF37783791D943C612B7C1B43BCC2CACDFD15E79382E0F314C88817C7DD320F8028AF3420452CE3A1C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):165160
                                                                                                                                                                                    Entropy (8bit):4.679808632649905
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:yVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:yVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
                                                                                                                                                                                    MD5:7479D957C5309AEDD4F58E4556590F69
                                                                                                                                                                                    SHA1:2A1787E1F387B62421F8B0233F0119F7F0A9134A
                                                                                                                                                                                    SHA-256:F6A0734903BBFCD9FD447FBCFD7AD6B9BBEA50D038DC9388038C9ECFC13752A4
                                                                                                                                                                                    SHA-512:2C208FA4E3C15E58A4797634B6C6653BEAF45A3BA1AF66B6C3BD8D9ECDB7A5CE03209FD2AE6818603695A5F7DD8F0DF87D687C10713E2EB18FD2C8401FED06C3
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):179934
                                                                                                                                                                                    Entropy (8bit):4.720905954554612
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:hvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:hvdkA9vh5uWkY0MK2YXs
                                                                                                                                                                                    MD5:FF556242E6061DAC90683223351ABD61
                                                                                                                                                                                    SHA1:D0AD225D3FF0E98619821B68692B996A6F68D580
                                                                                                                                                                                    SHA-256:D04666A656680BE2756B58CE45DB175B846C5928EB6AF62DBA841444DD10E03A
                                                                                                                                                                                    SHA-512:4F7D5C242EC381FDA7FB9142D9333673583215E0578D1BF1D661FB5C2CC6C5F626981E59AAF8AC8EC76EE4096BC3F05F91F40A0A9E1250610A79C38F0662BCBF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):166157
                                                                                                                                                                                    Entropy (8bit):4.685082113750114
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:zLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:z91wxcowspc4L5pUw+cz39CiQ7tloFm
                                                                                                                                                                                    MD5:37F2AC5CF8EA04844351AE0BCF8420FB
                                                                                                                                                                                    SHA1:DF28A556F02E1DA470DF5DFAA5E47E36A7BED48E
                                                                                                                                                                                    SHA-256:7D40EAA90D9094CE548A41482B496EC494396A82361D4F3D031756118ED042D2
                                                                                                                                                                                    SHA-512:DEBDB2AB4CE27F62888AD48BD2F2468E576BF68B19C4C08940049AD32A21FEE33B2BBC8E3B9C31D3FBFFB034AA802A5937008A26DA703A3F316620B726B6071F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):189570
                                                                                                                                                                                    Entropy (8bit):4.629344747922875
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:diaI3C87jhakhR0VGkw7ys7CskQH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:d2yGjh17yiqxTXhvQoejJd8FUjVgk
                                                                                                                                                                                    MD5:FD5046C815BC3E89FB327044A29236E4
                                                                                                                                                                                    SHA1:970F304BB911536E0BD8292BD72EEB575F7DFE22
                                                                                                                                                                                    SHA-256:D1C0717546502AB3D243487AEFB22A073A4BFF8413AD51F7A6235FC722E76C82
                                                                                                                                                                                    SHA-512:6EF0F5E09B04B600A3C25EAA97A8CF91F5783C45414AF4993AD82CB32F2EA3C3C827735629ABBB9BF427154BDAD490B04C263F866838FDF5AFE56947161208DC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):138680
                                                                                                                                                                                    Entropy (8bit):5.486983968009447
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:gSue8FDn3iJsqBejd/zNDSLzdetY2ZISfCPS:gSuem7w7IjdIzUtYAISfCPS
                                                                                                                                                                                    MD5:6A8A53D365F564BE4804B3F1167186AD
                                                                                                                                                                                    SHA1:ED876E836243FB6BA790DE8F709F6BFAD45D3936
                                                                                                                                                                                    SHA-256:19A8F435880328F9CCDA4FECDFC20BAC7AFAE589C07D0E2B5563366E908AC8E3
                                                                                                                                                                                    SHA-512:1C6F03718D0AD94BE05A57EE2C12882F4233D025FAC2AC603649E3DBD6DA0DBC32FC2312F426F31046ACFE98355895971D55B389D09E324344DD3733EBE393CD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):160484
                                                                                                                                                                                    Entropy (8bit):4.83165152754532
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:QmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:IkWa5pg0MahBHDd
                                                                                                                                                                                    MD5:FD8D6145CA463351F31D6550BCBD9263
                                                                                                                                                                                    SHA1:089BB437C4A41A2B54595B97FC36064789C34CCB
                                                                                                                                                                                    SHA-256:D8DFC2277FCF7086BDB1F22FA22EF33371F71CC2CA9C378542FF9C318197FCBE
                                                                                                                                                                                    SHA-512:7BA51B7312D24E5C03D067872D6C9B6856A6766472B644C7F4446F618E36F534135393C42A276D9B6EA73BC1238498D7153BC9867EEDDB2DFC373EFA6A29FEC5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):161129
                                                                                                                                                                                    Entropy (8bit):4.6790639686297455
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:wL5ef7fdO4BKOb0t55pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:wdeDFO4BKOb0t55pnOrvCqg9mRK4IkM
                                                                                                                                                                                    MD5:B183FE971035ADA2E95401263C79AA3B
                                                                                                                                                                                    SHA1:9FA419CFA95360227A86FCC4D2ED5D946A019CB4
                                                                                                                                                                                    SHA-256:54BDD9856E6007B443F553F03B5B83BCA9F08595BF18D3293663517F04E89333
                                                                                                                                                                                    SHA-512:F0B4C7100497CFD09684A57485EF833CBE1A6DD869506AEA64724177E7AD9230957E89DFE356DFA0FFF8DCDD0DAACC53C3897BD27F93A06F390DF372A966407A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):129904
                                                                                                                                                                                    Entropy (8bit):5.802847005244529
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:O8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:ZYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
                                                                                                                                                                                    MD5:1C0AB06B3388E79A2206CBFD28E374A2
                                                                                                                                                                                    SHA1:FB94C71EE606C6CF5181840B4A6122EEFD93770B
                                                                                                                                                                                    SHA-256:F0EE03C9936B459CC9BDF184DF9B7EFAD98D40AB7B99E89166A42E019A0EC0EA
                                                                                                                                                                                    SHA-512:1E90991D22B0C34E7947EDBC5864F662AD01B2DA7888FBE3A6E814607EA5ABB6FC0B34A7EE0ACCEDE471D7442755F00FE99C4A8B029244BF034189CD00D74D07
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):131255
                                                                                                                                                                                    Entropy (8bit):5.830347632783468
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:89B4TqHsU1xw5tBJea7Nrj6Rgqrd2MfjzqUTX+f0MwrcZ1hc2yp:89BaXUOvJea7Nrj+gqxtPq0ORhPyp
                                                                                                                                                                                    MD5:D3EB25E0FFF5719E8840612727896B1D
                                                                                                                                                                                    SHA1:58650C79B3776B87A77D816650E962DE0A96D18A
                                                                                                                                                                                    SHA-256:487755EB0841D47748CCBC2AB8D255CA12277DD0FB687D6DDC730982F8DA77BA
                                                                                                                                                                                    SHA-512:8F35625A7BD8922F5151A9AB9C089E4FD44153CE442E0E10458262DBF97CD2D0BEAEACA7D5C08EBA5078371ACC994A0E9B9C07E4CF2BEAFFA16B0747BC91DC9A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):153598
                                                                                                                                                                                    Entropy (8bit):4.843660409697438
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:H5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:HObeqrjPGzeJyJLy6
                                                                                                                                                                                    MD5:788862615B8FB13B52E4A80A8C54B3BF
                                                                                                                                                                                    SHA1:802BD10E82BDEEC9596F31464C73DF371A5894CA
                                                                                                                                                                                    SHA-256:257D1201DA42C19C34EA0A5F0DFBBA3D438FC273A7D5B5B97CD13196E963ED28
                                                                                                                                                                                    SHA-512:EA2D877689EC809BCB27E12731DAA51236264DA10775E528FE259F35EEF8E7D84C542C25153E39997A1C7FAA8D849393E3ECF48ED67890A8D5FD4D2DB7CDB1CF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):162972
                                                                                                                                                                                    Entropy (8bit):4.841793231271997
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:1Xpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:1xpTDT8FIWfJmdCmxApmbnqSm9+P
                                                                                                                                                                                    MD5:55A6BB647E176CD4CEB5096C76B87ABF
                                                                                                                                                                                    SHA1:2D43EAF76B5BAF5078066D34E2A71954F2821EF4
                                                                                                                                                                                    SHA-256:99A5A122DBF2E522F99F2BF83201A144E9E340D7B3DD8E16DD785A8CC79FBD69
                                                                                                                                                                                    SHA-512:C1F4142ECE48771264922D228A8A8A21EAA726213E9A0564520B534F88BC3DC42062D20675D666F2105BE70C4277901BB900C1A38A1F01ED7912D3363CC3CF1A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):199043
                                                                                                                                                                                    Entropy (8bit):5.363475359125153
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:irMFlsv54rPBy6gu5fs4BOQv6sLlxnrncF423ZL9xyuXwdcX8LZu0ajeoEeXO6W9:ir22vCn5fZvpItXsaSCcRQ+Wup
                                                                                                                                                                                    MD5:80ADE6A2B721F7B14B91DB7EBD12DA77
                                                                                                                                                                                    SHA1:7685104243E986FD50177DD7018B5788ED0D67D2
                                                                                                                                                                                    SHA-256:AA132ED04F8B4E19EB72A25CFF963D3F6DF8BBDC58E99F3580E9014296EAF7B2
                                                                                                                                                                                    SHA-512:99584D9A61BE8578807778F3C308124B27C88316C4715361802FA7F5B21666F5F8AF37E8F658ACE13A8EA52ACBA633F995ABED51A191B449BD74146B7F25E8E2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):125753
                                                                                                                                                                                    Entropy (8bit):4.802915682852063
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:CoXDuC1u/2lUBGjJirE5tsd/aev1GcfOdvhw:DucMGjH5t/m
                                                                                                                                                                                    MD5:FED9C191096819DD208E0E3E2D051170
                                                                                                                                                                                    SHA1:996BA0A7A6C3C55AE7232BD8791D72472A85CA84
                                                                                                                                                                                    SHA-256:0144819728779D0861859F5451CD5588B2F2DEF611EDEB77B38655D62BDBDF86
                                                                                                                                                                                    SHA-512:52978A693A1C54A7268BFF1682AF37811399396004B98916F8EAB8BD40EB335C2C6DD6C084687840A8BF20FB6F74B481BDC453D78E6D98BE47EFD0F70E2DDE3C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):158231
                                                                                                                                                                                    Entropy (8bit):5.401703630333425
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:VFoQa3dMUDPTzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8upfk:kzDPTzaw5pCvJ8hVPdlvj3p8
                                                                                                                                                                                    MD5:9A7A0B316CF7117BF3AA928C762C33B6
                                                                                                                                                                                    SHA1:4B4C06191E61FB2F94FE9256F29696EB1AE694C7
                                                                                                                                                                                    SHA-256:FD4A436733637CB4759CDB024F0C7D891E8075BE46F79796077180A9FF488D27
                                                                                                                                                                                    SHA-512:2EC1D3047BC312B14AB55535D3704043CD4697A89B5CEC233FC4F32407007236232F0872B5E162E24A9A4BCCD0B51F4EC6BC4DEB6BCF13BD76C219637D866F37
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Qt Translation file
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):127839
                                                                                                                                                                                    Entropy (8bit):5.834486776441961
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:Bv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Bh6s6iFxEodjef8pa
                                                                                                                                                                                    MD5:E6B27D6F8AD2B2E090D159DAA818B1AE
                                                                                                                                                                                    SHA1:AC2FACD82366860533F129039A41A414DA1317E0
                                                                                                                                                                                    SHA-256:17E9E4871BE60AA3D22C86FF990BC762BC81EA5690A68579EA062D8ED7F3D3D4
                                                                                                                                                                                    SHA-512:A0EC2401140F680F8A44F768687D4CC48B8A4D9DAE89D376CB5D4E92DE3E9B3369809C41641F34FBD6CC7663F9C40A26B1B0FA971F138261449BAB87A40514B2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):85904
                                                                                                                                                                                    Entropy (8bit):6.930147551233567
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:acBDobza60cPq1vFVtxmi+VSHn4ecbG2H0HzxffHzxNpV:acUza60cGztcU4ecbG2UH5Hvn
                                                                                                                                                                                    MD5:19992D3BE23A47D38056401CFA4150F8
                                                                                                                                                                                    SHA1:4BB48D6B1AE567C2A990F0103A0F58B41875FFFD
                                                                                                                                                                                    SHA-256:B9A2EE247159D42E2ADAF2BDE7D592F2821103BDF7066C8CBCA89EDA4135ABE0
                                                                                                                                                                                    SHA-512:ECF98DB9CB496E364083D0E150572C7FB2CD0C2B5DAB8D3BCA347C8C79C88B518EB443B93578CD83966107DDB039B5A38D9D25B37147235058F9DC7EDAA17B48
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):969104
                                                                                                                                                                                    Entropy (8bit):6.168836001872666
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:CVfRQmRB2sjPri+q0xKxf5+LUtH3Jp85HJzD+1zqEN2EL:Yimysq+7xuILUtXJp4pzK1ubEL
                                                                                                                                                                                    MD5:9F1881A02F5570D1A853BBDB5A954E4B
                                                                                                                                                                                    SHA1:64D8CA3600DDCCA6730AA5FA4B75D98C9C6B0920
                                                                                                                                                                                    SHA-256:A43DDD5594F5D01F6B4BD422D5A7E1DA52401D7A2B9F6DE4B7DB78294FFC20A4
                                                                                                                                                                                    SHA-512:5B542F176519E74C93D346AE21C7D916960388980604E4CCFBA58971F2D8ADF86508CF08118677CBF850E058EFF02543B9DAE6E0C155BE34468A76AF5303FCF6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (55810), with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):124787
                                                                                                                                                                                    Entropy (8bit):5.743834594620431
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:qfTYGvZq2bIWmDgwEUZ5s+GwFH+wIWoTjpB1oHQcUUJRDVP8CGEReToeP9MC0zM1:xD25SJAYmvmBd0j8SB
                                                                                                                                                                                    MD5:3A067647839DD2EB52525B44F88BF3F7
                                                                                                                                                                                    SHA1:4DFDA537C0ECCB7CE174BB1E6C1C2C5BF7BC13EB
                                                                                                                                                                                    SHA-256:9D9C64C7FF707D8E599D02A479F81C1064177E8258B1280E5358B0AD8FD35201
                                                                                                                                                                                    SHA-512:11635536E9985932DEE1B9F041CE2F053CD5F606E0C6605BD54A410D796B3854A6D25CC5C9625E8C6242318CAE335855AD90AA97488D9A47B7D1C565F7121C01
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{"version":"0.1.0","createTime":"8/19/2022, 8:42:42 AM","modules":[{"name":"xext","title":".... API ....","example":"const xext = require('xext');"},{"name":"xext.commander","title":"....","label":"ui"},{"name":"xext.contextmenu","title":".......","label":"ui"},{"name":"xext.env","title":"......","label":"platform"},{"name":"xext.ext","title":"....","label":"ext"},{"name":"xext.im","title":"....","label":"chat"},{"name":"xext.lang","title":"..........","label":"ui"},{"name":"xext.members","title":".........","label":"chat"},{"name":"xext.node","title":"NodeJS ..","label":"platform","example":"const fs = require('fs');"},{"name":"xext.nodeModules","title":".....","label":"platform","example":"const ReactDOM = require('react-dom');"},{"name":"xext.notification","title":"....","label":"ui"},{"name":"xext.platform","title":"......","label":"platform","ex
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2637
                                                                                                                                                                                    Entropy (8bit):4.7020732981387034
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:gr2+CT+UwiPpU1OUb6LHUDB2fUGgUUKBBO8:1+CT+U9BUAUb6LHUOUGgUUKBw8
                                                                                                                                                                                    MD5:58BCB66755C7D08196E6B3FCE44E1B99
                                                                                                                                                                                    SHA1:4E0E786D95C07A245234B8339E1E703666BAB4AC
                                                                                                                                                                                    SHA-256:9ABC0BFBF66C655D3924C9EBB2A59CDF5DE5206E023570CE274A9F2B12042C73
                                                                                                                                                                                    SHA-512:A084B2BB4C0105EE88A49E86DFB8E3853823391C3BB4E6A0D9B00DCA9DC5E614E9B48F67EFE8049700F963F8A66AAFD406D812A5023401356235460F0FA306D5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{. "name": "easysoft-themes",. "displayName": {. "zh-cn": "....",. "zh-tw": "....",. "en": "Official themes",. "defaultLang": "en". },. "version": "3.0.0",. "description": {. "zh-cn": ".............",. "zh-tw": ".............",. "en": "Official additional themes.",. "defaultLang": "en". },. "type": "theme",. "icon": "mdi-lightbulb",. "accentColor": "#333",. "themes": [. {. "name": "dark",. "displayName": {"zh-cn": "..", "zh-tw": "..", "en": "Dark", "defaultLang": "en"},. "color": "#333",. "style": "themes/dark.css",. "inject": "append",. "scheme": "dark". }, {. "name": "zentao",. "displayName": {"zh-cn": "...", "zh-tw": "...", "en": "Blue", "defaultLang": "en"},. "color": "#006af1",. "style":
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:assembler source, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8703
                                                                                                                                                                                    Entropy (8bit):5.0529868607622275
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:aKXLKYF5tEQ4Bga2a78X1UMys0iKPWmEFjaq0QDAvAOzf5:HtECOsSJvuAnzf5
                                                                                                                                                                                    MD5:82CC3B0068AE0B621FC747C2F04150CE
                                                                                                                                                                                    SHA1:4EF06E2C43F3206542B04C2BFF8D408DFCF318A6
                                                                                                                                                                                    SHA-256:EF8CD52056FB4F1F6099365FB97A1FF8DFF6EE66F3A9BA9FE4C15CDBFB49C17D
                                                                                                                                                                                    SHA-512:ABB4E3EE814C90507DEF87928A2609A5C172996DFFC2D071D56DF0DD1930EE89F97083AC27E0D6BC40D18592DC5C83CC209E35ED070FB60C1698D9A791858AA4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:@import './highlightjs.css';..body {. --color-primary: #f1f1f1;. --color-primary-10: #f1f1f11a;. --color-pale: #888;. --color-white: #000;.}...page,.select,.option,.body {. color: #f1f1f1;. background-color: #414141;.}..audio::-webkit-media-controls-enclosure {. filter: invert(80%);.}...Resizer {. background-color: #666;.}...emoji-dialog .emoji-dialog-header li.active,..emoji-dialog {. background-color: #333;.}...emoji-dialog .emoji-dialog-header {. background-color: #252526;.}...emoji-dialog .emoji-row .emoji:hover {. background-color: #222;.}...arrow-top:before {. border-color: transparent transparent #252526 transparent;.}...arrow-bottom:before {. border-color: #252526 transparent transparent transparent;.}...divider {. border-bottom-color: rgba(255, 255, 255, 0.15);.}...primary {. background-color: #252526 !important;.}...accent {. background-color: #0088ff !important;.}...accent-pale {. background-color: #333333 !important;.}...text-accent {. color: #0088ff !impo
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:assembler source, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1648
                                                                                                                                                                                    Entropy (8bit):5.048444846912226
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:UGiSHM/aew/umg1FT5hGd2mGdtQ7eN2n3h23dTgm8TwU5RfPJZ5R+P9CDboB:UKe1FlK2htJN2nR2NEm8MU57Z5GOm
                                                                                                                                                                                    MD5:26C65A9F2931229B669274EB5D162B20
                                                                                                                                                                                    SHA1:D88A68BD60DF0959DA99EDA3EFD2328A00C5629A
                                                                                                                                                                                    SHA-256:85CA63FB68FDEF9572FDFC65A838C9E799A1046A282056832C8EAE044C2F8E9C
                                                                                                                                                                                    SHA-512:0BF2671E78B18C9647788986795A1DF01ECF79D2568CFEF818722CD1C3984DE48E3170E15047735BE8D5C30B2E86D41F4C1D0215EBD91D4C0F4FA2DD3061BBF3
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:body {. --color-primary: #00b791;. --color-primary-10: #00b7911a;. --color-secondary: #5adf96;. --color-pale: #e5fbf3;.}...primary {. background-color: #00b791!important;. border-color: #00b791!important;.}..primary-pale {. background-color: #e5fbf3!important;. border-color: #e5fbf3!important;.}..text-primary,..primary-pale.text-tint,..primary-pale .active {. color: #00b791!important;.}..primary.x-outline {. border-color: #00b791!important;. color: #00b791!important;.}..primary.x-outline.hover-solid:hover,..primary.x-outline .active {. background-color: #00b791!important;. color: #fff!important;.}..text-secondary {. color: #5adf96;.}..markdown-content a {. color: #00b791;.}..input:focus,..textarea:focus,..select > select:focus {. border-color: #5adf96;. box-shadow: 0 0 0 0.1rem #e5fbf3;.}..radio > input:focus + label:before,..checkbox > input:focus + label:before {. border-color: #5adf96;. box-shadow: inset 0 0 0 0.05rem #e5fbf3, 0 0 0 0.1rem #e5fbf3;.}..checkbox:che
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1531
                                                                                                                                                                                    Entropy (8bit):5.063221716876586
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:nUClm8IvX3IFmEMwf96uY2p89pB2NHw1zH1o31aW:nGvoTMwYuYS89pBcYq1Z
                                                                                                                                                                                    MD5:70A3004852A746F6289751BB3DEB4621
                                                                                                                                                                                    SHA1:217201B42E3FFE9A1AF2EF09636146E561D0713B
                                                                                                                                                                                    SHA-256:30ED1D287A120FD5D6A136A41B36A642C51E9442044532B372C5B4CDAC22350C
                                                                                                                                                                                    SHA-512:EB257CC3ADE6DBBAF9CC7CA996B720A1EAB56470A11F02FAB0D52A09C12F7AC519A66583CFADE687416ACADA2E71AEA8E334C7A8B7F8A7323D7BE64E91555512
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:/*. * Visual Studio 2015 dark style. * Author: Nicolas LLOBERA <nllobera@gmail.com>. */...markdown-content > pre,..hljs {. display: block;. overflow-x: auto;. padding: 0.5em;. background: #1E1E1EA6!important;. color: #eee!important;.}...hljs-keyword,..hljs-literal,..hljs-symbol,..hljs-name {. color: #f92672!important;.}..hljs-link {. color: #569CD6;. text-decoration: underline;.}...hljs-built_in,..hljs-type {. color: #66d9ef!important;.}...hljs-number,..hljs-class {. color: #ae81ff!important;.}...hljs-string,..hljs-meta-string {. color: #e6b93c!important;.}...hljs-regexp,..hljs-template-tag {. color: #ae81ff!important;.}...hljs-subst,..hljs-function,..hljs-title,..hljs-params,..hljs-formula {. color: #a6e22e!important;.}...hljs-comment,..hljs-quote {. color: #88846f!important;. font-style: italic;.}...hljs-doctag {. color: #49aa19!important;.}...hljs-meta,..hljs-meta-keyword {. color: #3c9ae8!important;.}...hljs-variable,..hljs-template-variable {. color: #e0529c!impo
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:assembler source, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1648
                                                                                                                                                                                    Entropy (8bit):5.016042674047064
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:U8m7X6iaaU++FyK2hljhN2nR2NR+XpU5T/Z50vO+D:UKwDj+1
                                                                                                                                                                                    MD5:B797C17D4464CB9F7320849A2F2DF0E3
                                                                                                                                                                                    SHA1:AFCF3EB27E028F58EB640F1C65C0C5AD3D7D4855
                                                                                                                                                                                    SHA-256:3B331A31E84726CEA2CF3774BCD881720435A0B134D78139CEF0D3127DD85888
                                                                                                                                                                                    SHA-512:C4C9F0596DC87BA9198BABF7B021C36F62D0D9D1EA65AC5FF2576C632461428D473317B40B51990524DA0115A27FDFABBA4FF154759FFE1207AEC9386661A493
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:body {. --color-primary: #a050d7;. --color-primary-10: #a050d71a;. --color-secondary: #f7889c;. --color-pale: #fdebfc;.}...primary {. background-color: #a050d7!important;. border-color: #a050d7!important;.}..primary-pale {. background-color: #fdebfc!important;. border-color: #fdebfc!important;.}..text-primary,..primary-pale.text-tint,..primary-pale .active {. color: #a050d7!important;.}..primary.x-outline {. border-color: #a050d7!important;. color: #a050d7!important;.}..primary.x-outline.hover-solid:hover,..primary.x-outline .active {. background-color: #a050d7!important;. color: #fff!important;.}..text-secondary {. color: #f7889c;.}..markdown-content a {. color: #a050d7;.}..input:focus,..textarea:focus,..select > select:focus {. border-color: #f7889c;. box-shadow: 0 0 0 0.1rem #fdebfc;.}..radio > input:focus + label:before,..checkbox > input:focus + label:before {. border-color: #f7889c;. box-shadow: inset 0 0 0 0.05rem #fdebfc, 0 0 0 0.1rem #fdebfc;.}..checkbox:che
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:assembler source, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1649
                                                                                                                                                                                    Entropy (8bit):5.054090381257471
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:UExFxmK2hgM/kFN2nR2NGlpLOU5JZ50OT+:UiybpvJj0m+
                                                                                                                                                                                    MD5:D6945271475CDAEA61CD4F55312FD5EF
                                                                                                                                                                                    SHA1:F9B37FA7003438C7B0178E6D584EC9518F75B288
                                                                                                                                                                                    SHA-256:116980E51B28F575A911526E65A253B95E0A4C280668889BC8AE23A36FEF48D7
                                                                                                                                                                                    SHA-512:22BEEF6198C697553B714B96832FE099BE7E25E99A9233346A57D9D99F7B392FB4078B5769E71252B66AD6A6F0DE462902BF11C5A71271D590FAE99621DC9F86
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:body {. --color-primary: #e62340;. --color-primary-10: #e623401a;. --color-secondary: #f5515f;. --color-pale: #ffede9;.}...primary {. background-color: #e62340!important;. border-color: #e62340!important;.}..primary-pale {. background-color: #ffede9!important;. border-color: #ffede9!important;.}..text-primary,..primary-pale.text-tint,..primary-pale .active {. color: #e62340!important;.}..primary.x-outline {. border-color: #e62340!important;. color: #e62340!important;.}..primary.x-outline.hover-solid:hover,..primary.x-outline .active {. background-color: #e62340!important;. color: #fff!important;.}..text-secondary {. color: #f5515f;.}..markdown-content a {. color: #e62340;.}..input:focus,..textarea:focus,..select > select:focus {. border-color: #f5515f;. box-shadow: 0 0 0 0.1rem #ffede9;.}..radio > input:focus + label:before,..checkbox > input:focus + label:before {. border-color: #f5515f;. box-shadow: inset 0 0 0 0.05rem #ffede9, 0 0 0 0.1rem #ffede9;.}..checkbox:che
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:assembler source, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1648
                                                                                                                                                                                    Entropy (8bit):5.099629771744309
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:U7Ek/FKkK2hnPKuN2nR2NfpYLU5XlZ52ROKe8:U7/NK8dZXlj2RrP
                                                                                                                                                                                    MD5:379BAD3F8BB4330DCEEC4F0CD28E72AC
                                                                                                                                                                                    SHA1:A33F8A4E8E12B3D91F3C9CAEA41D388F214F5D38
                                                                                                                                                                                    SHA-256:49BF57D12101FB6DCD9F2D2504AA589E4E5D452959BB2874640945516D68479E
                                                                                                                                                                                    SHA-512:BDEEC80AAFB49B4BFA548039B0DCF088FFD2CF581BFDAC2FE62B5609B81DC8EDA3516D8C9B16BDBC659D9C18BD3EAC05A8F95B11BCC4B562B59CF2E7178624D8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:body {. --color-primary: #8a5fb9;. --color-primary-10: #8a5fb91a;. --color-secondary: #A57AE6;. --color-pale: #f8f3ff;.}...primary {. background-color: #8a5fb9!important;. border-color: #8a5fb9!important;.}..primary-pale {. background-color: #f8f3ff!important;. border-color: #f8f3ff!important;.}..text-primary,..primary-pale.text-tint,..primary-pale .active {. color: #8a5fb9!important;.}..primary.x-outline {. border-color: #8a5fb9!important;. color: #8a5fb9!important;.}..primary.x-outline.hover-solid:hover,..primary.x-outline .active {. background-color: #8a5fb9!important;. color: #fff!important;.}..text-secondary {. color: #A57AE6;.}..markdown-content a {. color: #8a5fb9;.}..input:focus,..textarea:focus,..select > select:focus {. border-color: #A57AE6;. box-shadow: 0 0 0 0.1rem #f8f3ff;.}..radio > input:focus + label:before,..checkbox > input:focus + label:before {. border-color: #A57AE6;. box-shadow: inset 0 0 0 0.05rem #f8f3ff, 0 0 0 0.1rem #f8f3ff;.}..checkbox:che
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:assembler source, ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1618
                                                                                                                                                                                    Entropy (8bit):4.975586552718701
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:Uavi8/yZFRpvdhGd2mGdXQNpv7uN2n3h23dhrvm2vbT0U5ReHVZ5RLHhCDbh7f:UsyZFtK2hXOuN2nR2NhSewU5s1Z5hBOZ
                                                                                                                                                                                    MD5:0805D4FB50511E4A92FCC25233CD8EF2
                                                                                                                                                                                    SHA1:29CB7ACB94ECF0007381FE29EDE931278D9307C5
                                                                                                                                                                                    SHA-256:7E2E1DA9F8098C8E64D2E69F6367CBD137800E301B924B7381E2B29ACE9E7A47
                                                                                                                                                                                    SHA-512:AB67DEB42377F3CCE08E629AE29D65D1E71DAAD93959964A1F76A641E0DE8154B31654D6F85EB08FEB59A4B723DE2A7D37F5E3ACBDCA3EF13D330415E2D1C109
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:body {. --color-primary: #006af1;. --color-primary-10: #006af11a;. --color-pale: #ebf6ff;.}..primary {. background-color: #006af1!important;. border-color: #006af1!important;.}..primary-pale {. background-color: #ebf6ff!important;. border-color: #ebf6ff!important;.}..text-primary,..primary-pale.text-tint,..primary-pale .active {. color: #006af1!important;.}..primary.x-outline {. border-color: #006af1!important;. color: #006af1!important;.}..primary.x-outline.hover-solid:hover,..primary.x-outline .active {. background-color: #006af1!important;. color: #fff!important;.}..text-secondary {. color: #00a9fc;.}..markdown-content a {. color: #006af1;.}..input:focus,..textarea:focus,..select > select:focus {. border-color: #00a9fc;. box-shadow: 0 0 0 0.1rem #ebf6ff;.}..radio > input:focus + label:before,..checkbox > input:focus + label:before {. border-color: #00a9fc;. box-shadow: inset 0 0 0 0.05rem #ebf6ff, 0 0 0 0.1rem #ebf6ff;.}..checkbox:checked > label:before,..checkbox:
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2640
                                                                                                                                                                                    Entropy (8bit):4.706889895555625
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:TFPr2+CT+UwiPpU1OUb6LHUDB2fUGgUUKBBOpv:A+CT+U9BUAUb6LHUOUGgUUKBwpv
                                                                                                                                                                                    MD5:F2FF8E7C17ED752A0CC3D7F0C706329C
                                                                                                                                                                                    SHA1:5B80A695228648D1E780956BA00612C51CCFD957
                                                                                                                                                                                    SHA-256:128BEBC7A57424EE81995C3FE14AD961050BD1697229951AD97324A5C679BC66
                                                                                                                                                                                    SHA-512:3458405B6810B97B3A9874630E02A12F7D22E0CE457453253C98743285B200828B73F22B64C72E9D99AD137A822E868674E3C5910B7098FC75BAC2D3F9F5F25A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:[{. "name": "easysoft-themes",. "displayName": {. "zh-cn": "....",. "zh-tw": "....",. "en": "Official themes",. "defaultLang": "en". },. "version": "3.0.0",. "description": {. "zh-cn": ".............",. "zh-tw": ".............",. "en": "Official additional themes.",. "defaultLang": "en". },. "type": "theme",. "icon": "mdi-lightbulb",. "accentColor": "#333",. "themes": [. {. "name": "dark",. "displayName": {"zh-cn": "..", "zh-tw": "..", "en": "Dark", "defaultLang": "en"},. "color": "#333",. "style": "themes/dark.css",. "inject": "append",. "scheme": "dark". }, {. "name": "zentao",. "displayName": {"zh-cn": "...", "zh-tw": "...", "en": "Blue", "defaultLang": "en"},. "color": "#006af1",. "style":
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PNG image data, 238 x 204, 8-bit colormap, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):6557
                                                                                                                                                                                    Entropy (8bit):7.727154038196611
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:GSTHQ+I0DkQtLzS2uSubXUJ62MLPdgnfYWg5+uhnYvaE064+I4OPID6CcoYqqLb7:djQIBO2jubXqMKnwL5NnnM/OlocbYT4l
                                                                                                                                                                                    MD5:8B5C644A25308EC12DE89BEE5A6821B3
                                                                                                                                                                                    SHA1:858A2DA7E1B272F1BC5A16A49A6F12DACFC92C42
                                                                                                                                                                                    SHA-256:A3A7E570A4634E3987A7F2042ED8B851958BFF4569A831F8E12C50B070835038
                                                                                                                                                                                    SHA-512:578AF19A7822DC0C4D9A499A2D6A2C47ACFBCAE78201A99B85D1800AD4E17A8A30467871AA10A75DA1ACF82DBEDC496D450870D109A81445E6B44CAB81A0DD41
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PNG image data, 476 x 408, 8-bit colormap, non-interlaced
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):13831
                                                                                                                                                                                    Entropy (8bit):7.895406598882865
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:SCJrkeiaOCggmwzARp38B1SXGDZWSAmITpUqGjifhofVdykrxl2+0pXeQtG9ZIlm:DJTbxZmqaX4rMTpou2qkdCpGIlf9At
                                                                                                                                                                                    MD5:5EB5D20752E8AA2CA0A5A4AE7F0C737D
                                                                                                                                                                                    SHA1:E705B21493C503B13B6393429F4C1136A05675CD
                                                                                                                                                                                    SHA-256:9265406EE65994AB73CC2D41899F5124D34C093D41CBF4F91EF2CD04912524A5
                                                                                                                                                                                    SHA-512:6DB560E8C4A2DCBE12E33F60224985AD9B9776E94E6612FC561DE10E9246729EF84BB510C4AD509DA0398C466E4754FAF10D8A1B9C9C0419458E5F5A4243DCCA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):33625
                                                                                                                                                                                    Entropy (8bit):4.657192497936295
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:b3akuPIveKU9fUPnOturH5EeUOAPKvYsu9/UPqYl4bnROoUYMbU726YdrUbLgfA2:h
                                                                                                                                                                                    MD5:070A9C75FC988845B69C30580AE38BF1
                                                                                                                                                                                    SHA1:A10BF1258219350F466C4155DC6BCA96FE6E6701
                                                                                                                                                                                    SHA-256:0EE25B392320BB39668CB3098C0100E722C13443C441B166EA58B28C3ED4424B
                                                                                                                                                                                    SHA-512:F75D93FAAB66D54C24A3A5C858D974CCE17796D0B15B572D79C0B77C11B044C5075C1A40B512379795879C6CC8B7598DBB5853211F3AC6FE45DD7217E9E8BD4B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.tsd-kind-icon {. display: inline-block;. position: relative;. padding-left: 20px;. text-indent: -20px;.}...tsd-kind-icon::before {. content: "";. display: inline-block;. vertical-align: middle;. width: 17px;. height: 17px;. margin-top: -1px;. margin-left: -2px;. background-image: url("./icons.png");.}..@media (min-resolution: 144dpi) {. .tsd-kind-icon::before {. background-image: url("./icons@2x.png");. background-size: 238px 204px;. }.}...tsd-signature.tsd-kind-icon::before {. background-position: 0 -153px;.}...tsd-kind-object-literal.tsd-kind-icon::before {. background-position: 0 -17px;.}...tsd-kind-object-literal.tsd-is-protected > .tsd-kind-icon::before {. background-position: -17px -17px;.}...tsd-kind-object-literal.tsd-is-private.tsd-kind-icon::before {. background-position: -34px -17px;.}...tsd-kind-class.tsd-kind-icon::before {. background-position: 0 -34px;.}...tsd-kind-class.tsd-is-protected.tsd-kind-icon::before {. background-position: -17px -34
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):124304
                                                                                                                                                                                    Entropy (8bit):6.71809117353982
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:uNbLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWlZHsHw:CPrwRhte1XsE1lVUw
                                                                                                                                                                                    MD5:B914A879980028752D7BA8ABC9163708
                                                                                                                                                                                    SHA1:9F79ACCAB5AB912C7F8D47E998224D482C38883E
                                                                                                                                                                                    SHA-256:0E6487316ADCC6E52300BA80F49237940BBE063C8EF18A97A07BC4B01F08556C
                                                                                                                                                                                    SHA-512:167D13D37BC5CA513F0D306FA8C56212F8E907EA4A529CE21D810506F7B9E5E31AD9DE042DF432622C44F54DF481E5C87BABBEDEE4AFA9ADA76B2F258F3D9ECF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):71321
                                                                                                                                                                                    Entropy (8bit):4.810876204138192
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:+sJQCP7e4uAKFlVRM8PazxYCY8qHQimQ7yDvRk:pJQCP7e4uAKFlVLPazxYC6HQimQ7yD2
                                                                                                                                                                                    MD5:9F3085AD418F3DE3E4186DB6AED5100D
                                                                                                                                                                                    SHA1:112B0B4B455B81DCCB7A998C0DA2F723FCD8E633
                                                                                                                                                                                    SHA-256:3757A066B973D20C90B0B988096CAC8567F0D3D3B6B536572E473FB07A6AF6AD
                                                                                                                                                                                    SHA-512:EF992172C7FAC676CBD3542A34D0A7DAB9D0484718E62BAA3A6124C434563F057A2A071D0C7E22EA9D68152208546D79BE868466EF42E1141C14DFCB3BA7A0F3
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{. "app.companyName": "ZenTao Software (Qingdao) Co., Ltd.",. "app.companyShortName": "ZenTao Software",. "chat.addAdminForGroup": "Set {0} as an administrator",. "chat.addAdminForGroup.confirm": "Are you sure to set {0} as the administrator?",. "chat.all": "All",. "chat.atHim": "@s/he",. "chat.atHim.f": "@her",. "chat.atHim.m": "@him",. "chat.bulletin.cancel": "Cancel bulletin Settings",. "chat.bulletin.expiryDate": "Expire after",. "chat.bulletin.settings": "Bulletin Settings",. "chat.bulletin.type": "Type",. "chat.bulletin.type.bulletin": "Bulletin",. "chat.bulletin.type.notice": "Notice",. "chat.committers.blocked": "Blocked",. "chat.committers.blockedTip": "Read only conversation. You cannot send messages.",. "chat.committers.committersSettingTip": "You can set a whitelist to control who can send messages in this group.",. "chat.committers.setCommitters": "Whitelist",. "chat.committers.setCommittersFormat": "Set a white list
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):93467
                                                                                                                                                                                    Entropy (8bit):5.7470221837363376
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:GCttZqu6PhP9WWM9XnpiJ4zLrttQ98MeYUvoq:GCtSPhlb2c4p298MeYUD
                                                                                                                                                                                    MD5:7798F2B70259224F06F3C277ABDED062
                                                                                                                                                                                    SHA1:DA861F2EA3006F5E97AEEBF1D6D7AFA2ED49420B
                                                                                                                                                                                    SHA-256:3AE0C3438B27E5B60D739B2EEF0A3AF418E9A19AB7052D02C95251900055B598
                                                                                                                                                                                    SHA-512:F0DC87A09BC99C316291BEDD4A92599359AB635D004ED3A5A93C558DE4D780FCCC002327B5790A277F4C18EFA5BFC1B8E671C77E97E2BE5F0EBB7E46D3E070F4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{. "app.companyName": "ZenTao Software (Qingdao) Co., Ltd.",. "app.companyShortName": "ZenTao Software",. "chat.addAdminForGroup": "{0}............",. "chat.addAdminForGroup.confirm": "{0}....................",. "chat.all": "..",. "chat.atHim": "@../.",. "chat.atHim.f": "@..",. "chat.atHim.m": "@.",. "chat.bulletin.cancel": ".........",. "chat.bulletin.expiryDate": "....",. "chat.bulletin.settings": ".......",. "chat.bulletin.type": "..",. "chat.bulletin.type.bulletin": ".....",. "chat.bulletin.type.notice": "..",. "chat.committers.blocked": "...........",. "chat.committers.blockedTip": ".......................................",. "chat.committers.committersSettingTip": "...........
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):82189
                                                                                                                                                                                    Entropy (8bit):5.3491582212556095
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:4IXOY8uMIAAxmKeem5ezY0NPgQCCAmmprzNqLaMjuEd6jgc/0mIdQ5i/T5pD0rxC:4IXOYTMIBTeZezammprzNqLNjuEd6Mcy
                                                                                                                                                                                    MD5:F8840DFC1EF6880A2F793F3179B8432F
                                                                                                                                                                                    SHA1:0083D4E6629FA6117348130BB3DF92A463819775
                                                                                                                                                                                    SHA-256:608378E2F44334ED95E19A05542F14E542FC4DE662A63C7EDA0085BDB63CE765
                                                                                                                                                                                    SHA-512:CEF287F1DA4C0ACFF83EA2FF793AC14538F3EA3279F81771359170A595C8B5AC69A422E62C212CCD78A220DD6207EA22ED66D884CFF512796103861974765F64
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{. "app.companyName": "ZenTao Software (Qingdao) Co., Ltd.",. "app.companyShortName": "ZenTao Software",. "chat.addAdminForGroup": "..t {0} l.m qu.n tr. vi.n",. "chat.addAdminForGroup.confirm": "B.n c. ch.c ch.n ..t {0} l.m qu.n tr. vi.n kh.ng?",. "chat.all": "T.t c.",. "chat.atHim": "@s/he",. "chat.atHim.f": "@her",. "chat.atHim.m": "@him",. "chat.bulletin.cancel": "H.y c.i ..t th.ng b.o",. "chat.bulletin.expiryDate": "Ng.y h.t h.n",. "chat.bulletin.settings": "C.i ..t b.n tin",. "chat.bulletin.type": "Ki.u",. "chat.bulletin.type.bulletin": "B.n tin",. "chat.bulletin.type.notice": ".. .",. "chat.committers.blocked": "Ch.n",. "chat.committers.blockedTip": "Ch. ..c h.i tho.i. B.n kh.ng th. g.i tin nh.n.",. "chat.committers.committersSettingTip": "B.n c. th. thi.t l.p m.t danh s.ch tr.ng .. qu.n l. ai c. th. g.i tin nh.n trong nh.m n.
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):69765
                                                                                                                                                                                    Entropy (8bit):6.047104575580765
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:O39snI0/Vo/bsOZuWR2MnEezOIGGLmfqTmoOSOcx/uZOdvDgyEdDBdd6FZbErsk:O+nwDOIbpyotJx/TDgDdDBdsYsk
                                                                                                                                                                                    MD5:CC43E79EF29F4D95A7111B19B39D057B
                                                                                                                                                                                    SHA1:3920B53F7F6E3CCA696D2EFD8FD429585E746014
                                                                                                                                                                                    SHA-256:2B3294315E5692A41F61A1D61F2534641E0F25356CE44A25DA52622EC94BEEDC
                                                                                                                                                                                    SHA-512:1BA725C152EC848CB0BA11E997F0626C1A74D1DEEF380A4112F294D03A585CCE27F9A5768B4D458C8C36E4AF847CF19CE9949E8B261B97664631517BB63184FB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{. "app.companyName": "............",. "app.companyShortName": "....",. "chat.addAdminForGroup": ".{0}......",. "chat.addAdminForGroup.confirm": "...{0}.......",. "chat.all": "..",. "chat.atHim": "@./.",. "chat.atHim.f": "@.",. "chat.atHim.m": "@.",. "chat.bulletin.cancel": "......",. "chat.bulletin.expiryDate": "...",. "chat.bulletin.settings": "....",. "chat.bulletin.type": "..",. "chat.bulletin.type.bulletin": "..",. "chat.bulletin.type.notice": "..",. "chat.committers.blocked": "...",. "chat.committers.blockedTip": "...................",. "chat.committers.committersSettingTip": ".......................",. "chat.committers.setCommitters": ".....",. "chat.committers.setCommittersFormat": ".....{0}...
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):69830
                                                                                                                                                                                    Entropy (8bit):6.061043037241247
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:+P9Ipnof+zWoQUOofr9D8j2H/6wVFWorabj:EIpnqlodfreg6wVhra
                                                                                                                                                                                    MD5:605D89A690B7A14CB6927A28A42CB342
                                                                                                                                                                                    SHA1:7ACE9ADEA77EBD5A2F5B93BF1ECF6C30F8BB8B5E
                                                                                                                                                                                    SHA-256:F8EC562D0690405E3696684478D2631688F2A3A2268AF48420E2A9C5F43E5DB9
                                                                                                                                                                                    SHA-512:9181442A9367132222F44E1CDE40A2C7DD97EFDD214DF47EB8550644C49A138BCF74AAA72BBA7CD93F874EF2791A7B3AD717DBB7E9AE9D7602B09A3283732B8B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{. "app.companyName": "............",. "app.companyShortName": "....",. "chat.addAdminForGroup": ".{0}......",. "chat.addAdminForGroup.confirm": "...{0}.......",. "chat.all": "..",. "chat.atHim": "@./.",. "chat.atHim.f": "@.",. "chat.atHim.m": "@.",. "chat.bulletin.cancel": "......",. "chat.bulletin.expiryDate": "...",. "chat.bulletin.settings": "....",. "chat.bulletin.type": "..",. "chat.bulletin.type.bulletin": "..",. "chat.bulletin.type.notice": "..",. "chat.committers.blocked": "...",. "chat.committers.blockedTip": "...................",. "chat.committers.committersSettingTip": ".......................",. "chat.committers.setCommitters": ".....",. "chat.committers.setCommittersFormat": ".....{0}...
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):48461
                                                                                                                                                                                    Entropy (8bit):7.987314300368931
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:F5U0Yb99r5wYlQanw3D4yDFWjefDELnFHBBHOa0fmwdI22HeArTVUW/8EO:TU0YZ9r5Tnw3D4BpzFhBHvQUR+A/VnO
                                                                                                                                                                                    MD5:AD4B5EDDCFA0A283FA0AF0592DD4625D
                                                                                                                                                                                    SHA1:175C232B6FBFAEFFA24344B876BC839F0920D395
                                                                                                                                                                                    SHA-256:3850B3E025566F8AF7F6F26A1CDD363340E0AE0C936FB48547221AEE967D3D0D
                                                                                                                                                                                    SHA-512:7026A872144129EB03EAC8A341CFAC1D90E78ACDDBC21278D3E2EAA3E4458A10BEDD3EA9386E45133FEC876F60F4965C8FB10C4FDD0229A706DB0F4765198450
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):459264
                                                                                                                                                                                    Entropy (8bit):6.29425484458973
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:tH0B/LCOJ7lTp0k7zKd0POc37Tta9pdEp2si0xiLB4Vz:tMCOJ7lFx7zxt6dEY0YLSV
                                                                                                                                                                                    MD5:F4F7C338F1EDBA8C21699DE3D59DE84D
                                                                                                                                                                                    SHA1:BF8A4BAE9ED120F3BA5F692D28300A7999CDB2DE
                                                                                                                                                                                    SHA-256:BEB21DB6E3793EFA3EE04F79D30427A2E9B163979558A5A0B51D5F26BD25055C
                                                                                                                                                                                    SHA-512:7D3FA5AF319D470FC0BF156099677A29E192EC12739611C30FC8E7A617A5160F5BF7ED81E1BAE2015A9AC477203178BA76651932959FF56CF23D1931A4411083
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3217920
                                                                                                                                                                                    Entropy (8bit):6.42758323416052
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:WAtfKpPXV/5DdijA29+0QdjwSx+qovRYFDguXfol+4iduejy3bEW2ehvxLTL10dZ:FwNynDyguydMVW5vS
                                                                                                                                                                                    MD5:8501FA409502A3C9980C16616D3016F4
                                                                                                                                                                                    SHA1:27C1111A38807FCF1137A9D918BEFD1DAC84FA8F
                                                                                                                                                                                    SHA-256:45DE4C6817B7F804E2296633034791C89E5C244FFFD9583AD452BE3E7A4FA2BE
                                                                                                                                                                                    SHA-512:C7D911957321C71A8922B21E8682880BD43C7BF91D3A3885C3B6DAACD812FC7BB3E5710B8D45F059BFB2935A5215D2136D3EB58C2CCF9BD3A31E8B68598F7129
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):165666
                                                                                                                                                                                    Entropy (8bit):7.994004691949108
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:3072:AbcON+Xngp8kSFZL/FTjjgIgyXpRRqtbhO3u3u73JYM0Su2+3OZe:Abc3Xgp8ksPqtFO32ujJe20J
                                                                                                                                                                                    MD5:E082A9FFD52E98B00E501E934A7E9D8D
                                                                                                                                                                                    SHA1:21746F70466633F881581D9BEE651619D8B4B109
                                                                                                                                                                                    SHA-256:08058FF9086099965041D0E85E8847704C624BAF689EC3BB6A041E7776332520
                                                                                                                                                                                    SHA-512:5B6A6F58A9037C260B1B76BB7605746C251641E20153B5E75D99F4B4AFB1367A7A44BA255034C9090E7C48748402A6E0BAD13DA2C4C3E8B7B88BD1D80898FD3B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4704656
                                                                                                                                                                                    Entropy (8bit):6.2976127513130145
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:49152:73YxjaP0AETYj7g/yaI75j/7wiSmQEZLT/lbMnP3cuJUiId+R9iETUjdCB2KmGsH:6AbIASP1aRldRL
                                                                                                                                                                                    MD5:07B7E5F876BE24DB5926361E4F30AA30
                                                                                                                                                                                    SHA1:195D213E6AB7E13F8AA0307E607290F9FDE94541
                                                                                                                                                                                    SHA-256:7B5039481DBAF2F9DFA06F2AF4A1B03FEABD14BD625DFB1C569B443982F744BB
                                                                                                                                                                                    SHA-512:1B574048339E67D20E65778C8ACA3471E9B3066C408CE501AAF0B30037BDCFFA504514B1DED9496FDA0411FB5A2DB17CDA2F7B522D1C505F6BEB2501CDA987D0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):106
                                                                                                                                                                                    Entropy (8bit):4.724752649036734
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                    MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                    SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                    SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                    SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):741264
                                                                                                                                                                                    Entropy (8bit):6.50676825531181
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:Zwc+2rLfirhAu07HvM5BSNraGMiuvo58Ap/45:Z82r79KBSwBiuv+45
                                                                                                                                                                                    MD5:471D474B6B65D40860913413A3F9580B
                                                                                                                                                                                    SHA1:5CE87421979DE2ED46267FA737051AD48C328E97
                                                                                                                                                                                    SHA-256:6DA50DF77A4F685287A9729069F58E18DB5F4E28D5579F5B9AD24153B85DBF6F
                                                                                                                                                                                    SHA-512:68E5EB34473EE5EA6304FD6E4777CCD557BBB665B9CFE888DFB701CCABCD381D1E66F530A576F9AE6EBB4828F660CE9D935002672DFB500F7C8B671392C371A2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...I<.a.........." .........0......@n....................................................`A........................................(...N...v...P................Q.......A......................................(.......0............................................text...v........................... ..`.rdata..............................@..@.data....K....... ..................@....pdata...Q.......R..................@..@.00cfg..(....P......................@..@.tls.........`......................@..._RDATA.......p......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):136137616
                                                                                                                                                                                    Entropy (8bit):6.7076385364341
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1572864:NJnGqlEGhf8iPuHDMQyh9hFH9LBgeeeBgOY9Hf9CZT:3GqyiPujMQOG9HoT
                                                                                                                                                                                    MD5:7332992028A2C1F3CE747C62254B38E7
                                                                                                                                                                                    SHA1:ADD6422C181982BD8F62E74A03B73E1D13DDB4B8
                                                                                                                                                                                    SHA-256:309D776F02E2CA9AF266262754A418C6D3A8E5AC1007BC7579329A403910F6F3
                                                                                                                                                                                    SHA-512:02F4E7D286F433E37C2AAF5F8BD4423911039A5257E18D22EAC0D62684FE590746144D08EEBC13381EDE8A16BF3E4D813A6DA1079620349A52C831590333871A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...I<.a.........."..........>.......c.........@..............................X.....v%....`......................................... n.......w..h....PI.....`..Ty5......A....K.....x...........................(......0........... ........%..`....................text...p........................... ..`.rdata...;>.....<>.................@..@.data...|IB.........................@....pdata..Ty5..`...z5.................@..@.00cfg..(.....H.....................@..@.retplne`.....H..........................rodata.......I..................... ..`.tls......... I.....................@...CPADinfo8....0I.....................@..._RDATA.......@I.....................@..@.rsrc........PI.....................@..@.reloc........K......`..............@..B........................................................................................................................................
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 6239690
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):1020941
                                                                                                                                                                                    Entropy (8bit):7.975818835844672
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:w/SR6k/9G91PWFACb3p2GZJjR0nmr1FV8E32sYld:x9G9NZCb3pZZJjREmjV8EmsYld
                                                                                                                                                                                    MD5:63A887D1C41C3E9220DB5EC6D994C34F
                                                                                                                                                                                    SHA1:3B05A0D38DF915D2E4AA803FD429CDDC2F5FEEB8
                                                                                                                                                                                    SHA-256:4E191C97FD1A3B9A3161EF245BB900D85E71D589E74B570E4DD265674F4AC455
                                                                                                                                                                                    SHA-512:0216E43B32274D9CB5BDFC051154FB3A9A9C9066D32EE13E6FEE9051C4EAFA84CA5EBFEB3B1F8E54ABCD20AB53D687BD10315DE7BBEC5AAE3AE3D6B9942D74B7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128 with PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):38694
                                                                                                                                                                                    Entropy (8bit):7.953930752283501
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:B2n8P41To+D29W4zYnr5yzh6aaeqit+RWI+c6C64QU3o6zgMoXh:B2R1spHYnnaaeqiwMy1H/FoXh
                                                                                                                                                                                    MD5:DEB10B95490C85A00AFE6FFE80F273AB
                                                                                                                                                                                    SHA1:6CF3D816D8B1455D81713FE731C844C9F6E15BEE
                                                                                                                                                                                    SHA-256:6D82D60633C58F1B46010D0F684A3048EE6E08F9D7DE347CC3924893F94E0442
                                                                                                                                                                                    SHA-512:033487B635846AE841A1C208165A2A02065644AA18CF1EE492AE988BCCF3A114951F85C4A483356E0C1CC30D9343AEFC565855F7CAA9C2FCCBEBFAA935DA3EB0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 32708
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):4740
                                                                                                                                                                                    Entropy (8bit):7.935522749668966
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:doJkiSioTqXPbenrx3Yllk6CPnCw7Ta/lwIGIkOa4r5LNOTnEjYgZ:WJkzTqXDeViq6A7m9hGIkOH6EjYgZ
                                                                                                                                                                                    MD5:ADEDE569BAB371804A21BC22358DAC1D
                                                                                                                                                                                    SHA1:8691CB3E349853CB990328FECD2AACDB33BC995D
                                                                                                                                                                                    SHA-256:8A2266A06992D3BC70B63322D7AB60F647F3E2DB0B0860CCD9A05748A5D95D78
                                                                                                                                                                                    SHA-512:281C515117F80D90931AAED4B94BC5BA5998C37B581B07997944F2F11B81C0DFD8A2B34D6E913C9C37FA91FF24F8262690534FD66FAD24CE8F727A2CDF64604F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128 with PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):49899
                                                                                                                                                                                    Entropy (8bit):7.978432427152334
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:asYoct8mQ2AUTNtDMPrYQ7wBoSGzWm2GV3rv9NhAJulWUHN/1Qp9T+cFF48pQfNA:b6TASirYQ7yGzvR9v9oJXOOpUsF483d
                                                                                                                                                                                    MD5:62B9D37B7C240037F960EF63667464A4
                                                                                                                                                                                    SHA1:E9E7D02C2C172F0D424B2C98B814E03C20C4D4E2
                                                                                                                                                                                    SHA-256:B106FA01391560F943CB121A92D26CEF7D1EBCB1603AB003EF803D767460F22B
                                                                                                                                                                                    SHA-512:239F5B36CF52B3D118E3FFD231593726870BD50D2763BD40B5B88625224E095CBE2417D74B0238C69E2B54C1F0AE5F4C5B59D20E66E462D6D506DF4A379B96CB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):102400
                                                                                                                                                                                    Entropy (8bit):6.729923587623207
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                                                                                    MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                    SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                    SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                    SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q....C...C...C...C...C...C...C...C...C...C...C...C...C.[.C...C.[.C...C.[.C...C.[.C...CRich...C........................PE..L...I..[...........!.....*...b...............@.......................................+....@..........................}..d....t..........X............................................................................@...............................text....).......*.................. ..`.rdata..TC...@...D..................@..@.data...l............r..............@....rsrc...X............x..............@..@.reloc..j............~..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                                    Entropy (8bit):5.719859767584478
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                                    MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                    SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                    SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                    SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L....~.\...........!....."...........).......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):14848
                                                                                                                                                                                    Entropy (8bit):5.715583967305762
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
                                                                                                                                                                                    MD5:ADB29E6B186DAA765DC750128649B63D
                                                                                                                                                                                    SHA1:160CBDC4CB0AC2C142D361DF138C537AA7E708C9
                                                                                                                                                                                    SHA-256:2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08
                                                                                                                                                                                    SHA-512:B28ADCCCF0C33660FECD6F95F28F11F793DC9988582187617B4C113FB4E6FDAD4CF7694CD8C0300A477E63536456894D119741A940DDA09B7DF3FF0087A7EADA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3072
                                                                                                                                                                                    Entropy (8bit):3.3907428713435226
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:eFGSizG71F+wwBhckFZEdnNLYFI6StBy1FMG/N9+ChRXZ76l/bkJZksWVtfa:iiGv+wwBh/+l42pcp7+jkJ2vTfa
                                                                                                                                                                                    MD5:1CC7C37B7E0C8CD8BF04B6CC283E1E56
                                                                                                                                                                                    SHA1:0B9519763BE6625BD5ABCE175DCC59C96D100D4C
                                                                                                                                                                                    SHA-256:9BE85B986EA66A6997DDE658ABE82B3147ED2A1A3DCB784BB5176F41D22815A6
                                                                                                                                                                                    SHA-512:7ACF7F8E68AA6066B59CA9F2AE2E67997E6B347BC08EB788D2A119B3295C844B5B9606757168E8D2FBD61C2CDA367BF80E9E48C9A52C28D5A7A00464BFD2048F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:7-zip archive data, version 0.4
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):86308237
                                                                                                                                                                                    Entropy (8bit):7.999995306394787
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:1572864:/yVzqhVL3BFk9+mLcrnjgntw0aJxf5NB76Rj8zMK7/Q+Z+0iwGJ:aohVL3aqrnjgntgJxDB7Sj8Y8NZbAJ
                                                                                                                                                                                    MD5:8275CAB0CEB25B268B1558971390E10B
                                                                                                                                                                                    SHA1:F64097A9FB5CB30F5C9CB925B8BE0182ACDC4178
                                                                                                                                                                                    SHA-256:64B55751B04A56F10F44417BA0FF3B3D87F25FB4163752BE823F32D8EE8DE826
                                                                                                                                                                                    SHA-512:983D331F2AD901F4475DB8AEEF3FED29EE32D6BEB49B11468DAC7834222711E270C10A84AB95B3A3DCF12B825916F1B0B38AD56D50C42587441569469BB2C376
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154490, resolution 11808 x 11808 px/m, cbSize 154544, bits offset 54
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):154544
                                                                                                                                                                                    Entropy (8bit):2.3258352355662457
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:EWQsvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvW:ER4N4S/992/zDmrkVIe1ULo2K
                                                                                                                                                                                    MD5:52FF52EEE3B944B862C11C268A02C196
                                                                                                                                                                                    SHA1:8D041966E6FBA10AA5E10CE5DC1DC5175F11B2FE
                                                                                                                                                                                    SHA-256:2079F7A3EBA60E0D9EE827A7208AA052A71B384873B641DE5E299AEB8E733109
                                                                                                                                                                                    SHA-512:2861AE5A06F8413810947C08994F4C0DA54A1ACEE8C4DF72CD8B03A9503B26E5512809F8D70FD584239B04A651E7329A701BF7DDCEE2DEC2C2E14D05AE74F220
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):9728
                                                                                                                                                                                    Entropy (8bit):5.1559889224761974
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:olsHeylO012En8pqHtcE0PuAgkOyvIFc:oATI0d8pUP0WAgkBvIFc
                                                                                                                                                                                    MD5:466179E1C8EE8A1FF5E4427DBB6C4A01
                                                                                                                                                                                    SHA1:EB607467009074278E4BD50C7EAB400E95AE48F7
                                                                                                                                                                                    SHA-256:1E40211AF65923C2F4FD02CE021458A7745D28E2F383835E3015E96575632172
                                                                                                                                                                                    SHA-512:7508A29C722D45297BFB090C8EB49BD1560EF7D4B35413F16A8AED62D3B1030A93D001A09DE98C2B9FEA9ACF062DC99A7278786F4ECE222E7436B261D14CA817
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4608
                                                                                                                                                                                    Entropy (8bit):4.703695912299512
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
                                                                                                                                                                                    MD5:F0438A894F3A7E01A4AAE8D1B5DD0289
                                                                                                                                                                                    SHA1:B058E3FCFB7B550041DA16BF10D8837024C38BF6
                                                                                                                                                                                    SHA-256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11
                                                                                                                                                                                    SHA-512:F91FCEA19CBDDF8086AFFCB63FE599DC2B36351FC81AC144F58A80A524043DDEAA3943F36C86EBAE45DD82E8FAF622EA7B7C9B776E74C54B93DF2963CFE66CC7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):434176
                                                                                                                                                                                    Entropy (8bit):6.584811966667578
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                                                                                    MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                    SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                    SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                    SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):86971128
                                                                                                                                                                                    Entropy (8bit):7.999983599741069
                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                    SSDEEP:1572864:rryVzqhVL3BFk9+mLcrnjgntw0aJxf5NB76Rj8zMK7/Q+Z+0iwGv:rmohVL3aqrnjgntgJxDB7Sj8Y8NZbAv
                                                                                                                                                                                    MD5:DF0DAAE26FB3F58A6B9CE4D144A81B48
                                                                                                                                                                                    SHA1:38E41AB0E2712F7762C6D8B56892362CBB1B6744
                                                                                                                                                                                    SHA-256:EE9C745EC13FB4389968431701FECABAA3FD85F607E694E0D8747703A60FE0DC
                                                                                                                                                                                    SHA-512:4FFC18191C305F0FC60F96DD293026694E8734052543FFDD2121A2649421B74CC0BF1D121C7513CBDD03EE385BB12033DA17D04D10C0FC6717389E0A3D2704A6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):26
                                                                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:Qn:Qn
                                                                                                                                                                                    MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                    SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                    SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                    SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:Qn:Qn
                                                                                                                                                                                    MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                    SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                    SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                    SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:Qn:Qn
                                                                                                                                                                                    MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                                    SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                                    SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                                    SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:..
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Apr 18 16:34:30 2024, mtime=Thu Apr 18 16:34:31 2024, atime=Thu Apr 11 00:35:40 2024, length=136137616, window=hide
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2363
                                                                                                                                                                                    Entropy (8bit):3.905456451955002
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:89dm8RQ6ummC1TGKAJ9GKd9GK2ZpqGK3Ryc3:89QQhRBnA3bB3Ry
                                                                                                                                                                                    MD5:7FC6ED7DE491181FD835A1B57916D4D9
                                                                                                                                                                                    SHA1:715C3C0A473537512F4D4718145C671C8EF8A2AC
                                                                                                                                                                                    SHA-256:A63E2B6F08FF4B7A7CB56FD0AE66D09DE152A097C4D87B32C9DF17C82359558F
                                                                                                                                                                                    SHA-512:D4E33DFF2CCF1AB1E29E01905B296D89683330B5C392866380C4049A6B7D736E8A7CDE6ACD31A772E952010EEC2FA3CF4DBEC7BB9E45CB09A3037988ECC5F30B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                    Entropy (8bit):2.8981641637663254
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:qeY+KcyR0EmxGn:qeKP9GG
                                                                                                                                                                                    MD5:12A48437CAB10826135AF742834EB853
                                                                                                                                                                                    SHA1:7AB672465B8CAAE6302F9D687397CD2442FF7A54
                                                                                                                                                                                    SHA-256:56B8E8868F56DE308CC1841D64DC015AD70224CABE5D24D237DE7A13AC4BF100
                                                                                                                                                                                    SHA-512:B95377FE9D02BE34EADEE07A81BEFA32E7EFCFFAA2535BA71D4BCDCD7617628A70E31C75096C6AF22BC38115266E78F9E60B41DBBBE99D93546E018D19970554
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:(...7{=[oy retne..........................e..t/.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                    Entropy (8bit):2.8981641637663254
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:qeY+KcyR0EmxGn:qeKP9GG
                                                                                                                                                                                    MD5:12A48437CAB10826135AF742834EB853
                                                                                                                                                                                    SHA1:7AB672465B8CAAE6302F9D687397CD2442FF7A54
                                                                                                                                                                                    SHA-256:56B8E8868F56DE308CC1841D64DC015AD70224CABE5D24D237DE7A13AC4BF100
                                                                                                                                                                                    SHA-512:B95377FE9D02BE34EADEE07A81BEFA32E7EFCFFAA2535BA71D4BCDCD7617628A70E31C75096C6AF22BC38115266E78F9E60B41DBBBE99D93546E018D19970554
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:(...7{=[oy retne..........................e..t/.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                    Entropy (8bit):2.8981641637663254
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:qeY+KcyR0EmxGn:qeKP9GG
                                                                                                                                                                                    MD5:12A48437CAB10826135AF742834EB853
                                                                                                                                                                                    SHA1:7AB672465B8CAAE6302F9D687397CD2442FF7A54
                                                                                                                                                                                    SHA-256:56B8E8868F56DE308CC1841D64DC015AD70224CABE5D24D237DE7A13AC4BF100
                                                                                                                                                                                    SHA-512:B95377FE9D02BE34EADEE07A81BEFA32E7EFCFFAA2535BA71D4BCDCD7617628A70E31C75096C6AF22BC38115266E78F9E60B41DBBBE99D93546E018D19970554
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:(...7{=[oy retne..........................e..t/.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                    Entropy (8bit):2.8981641637663254
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:qeY+KcyR0EmxGn:qeKP9GG
                                                                                                                                                                                    MD5:12A48437CAB10826135AF742834EB853
                                                                                                                                                                                    SHA1:7AB672465B8CAAE6302F9D687397CD2442FF7A54
                                                                                                                                                                                    SHA-256:56B8E8868F56DE308CC1841D64DC015AD70224CABE5D24D237DE7A13AC4BF100
                                                                                                                                                                                    SHA-512:B95377FE9D02BE34EADEE07A81BEFA32E7EFCFFAA2535BA71D4BCDCD7617628A70E31C75096C6AF22BC38115266E78F9E60B41DBBBE99D93546E018D19970554
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:(...7{=[oy retne..........................e..t/.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                    Entropy (8bit):9.629307656487099E-4
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:LsFl0l0K1:LsFK0K1
                                                                                                                                                                                    MD5:3B405E83D9E94674FF6BB4668B5C11B7
                                                                                                                                                                                    SHA1:0C8A82660F057A24EEA95E01C416880528EBC3F8
                                                                                                                                                                                    SHA-256:F8A3A50BC8D322B08111DACC8B895C87C59FE4C4A71AB72FBD3E52B653D99F5E
                                                                                                                                                                                    SHA-512:BA91DEA97A35F1DE17A235CB9D0517D01D3A15121F1C32E68750484CEFDE0DB11706C00C58C9D1912924F7F6A4CD20B1E2E3DCCB6C7B5CA3D93644BC6019018D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):138
                                                                                                                                                                                    Entropy (8bit):5.119834114129805
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:4dBltolg30kUkio1tsSTmpBI6DkwHjJQlmkJncIUmkwRKaW66Xn:4H45mionl6DkwH6lmkfUmkDaW3Xn
                                                                                                                                                                                    MD5:CBEF97F4691DF0AE901CB4338154C201
                                                                                                                                                                                    SHA1:EB59492BDF65692BC849F3C6C124295DE0C40AC4
                                                                                                                                                                                    SHA-256:F0A7EAD5FDC7BBC94C33874338D06FBEFC4794448942A61CF0FB7B2E982C7F3E
                                                                                                                                                                                    SHA-512:000329958065FF132E7C89F154D205DA8B40D9DA7F236D1F73B0E1760ACC2BDA0FF05C3AE1023BE4CAADFB43C3CD612CD900BA74AA06817CF4046AA255E4BCFE
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.f...................VERSION.1..META:file://.............._file://..LANG_NAME..en.._file://..loginedUsers..{}.._file://..__storejs__test__
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):255
                                                                                                                                                                                    Entropy (8bit):5.219276520984462
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6:svQL1wknaZ5o/2jM8B2KLlSvYyq2PwknaZ5o/2jMGIFUv:bqrHogFLpyvYrHozFUv
                                                                                                                                                                                    MD5:A1851A360DCB6C52DBA15F0376DD654E
                                                                                                                                                                                    SHA1:A8AD78DE75ED86538AAEB79157069083D791EF4E
                                                                                                                                                                                    SHA-256:9B1340743058C2F27D4C3212682B69B87729E7B4E0F433232CE266ECACDDA6AC
                                                                                                                                                                                    SHA-512:107485A23ABDEFD30831280FF4CA764158103E8082893A1D5E66F750C76EC3D717D77ED84B42EFBF597AE54B17C145BA56EC739443A2798E70A81ED40FC2965A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:2024/04/18-19:34:41.606 e70 Creating DB C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb since it was missing..2024/04/18-19:34:41.651 e70 Reusing MANIFEST C:\Users\user\AppData\Roaming\zentaoclient\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                    Entropy (8bit):4.619434150836742
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                    MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                    SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                    SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                    SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):57
                                                                                                                                                                                    Entropy (8bit):4.283088322451805
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:YWVbSZAjMx/ALfnH4JaGqx41n:YWNlDGn
                                                                                                                                                                                    MD5:329622F40165883B656ABAB0D93674C4
                                                                                                                                                                                    SHA1:DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87
                                                                                                                                                                                    SHA-256:2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
                                                                                                                                                                                    SHA-512:BF9173F47118D3FD466378CA186B74EFB7481AF15AEABD0BDBA43331721D93F5F9E4D1FD94F38873B8DBA9352D2EB4BF8044A21C52A52409615E3E25894393CF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{"spellcheck":{"dictionaries":["en-GB"],"dictionary":""}}
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:data
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):201
                                                                                                                                                                                    Entropy (8bit):4.80352264692829
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6:S85avqWlllaH9Fy+Lq4Ql14EREWzMKlJSlwn:S+avqWllY9Fdm4Iq8Nywn
                                                                                                                                                                                    MD5:AE4A79D7ECD0EAB951B91C3FF1F6B248
                                                                                                                                                                                    SHA1:CBD57A395614C3CDA8BEC12B10761B5638125030
                                                                                                                                                                                    SHA-256:DAE52D6A582B8B6EA53B9C875DEF1BE23915291581B9EE59D39625AB60963F0A
                                                                                                                                                                                    SHA-512:DE15608008F05155A0EFD7F30DDCF08B11D49CE6979644C96319AC71865746F269E471603CDC999132395BCCF1579B71C42E4DD9EE51EFB51DAD35FBBD418C84
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:*...#................version.1..namespace-9;..V................next-map-id.1.7namespace-23f0fcf4_f0f9_4094_b9f5_502611146fb6-file:///.0..)-;................map-0-lastOpenTime.1.7.1.3.4.6.1.6.8.7.9.8.4.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):245
                                                                                                                                                                                    Entropy (8bit):5.117878756338765
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6:svHocK1wknaZ5oHQM72KLlSvHgTq2PwknaZ5oHQMxIFUv:ejrHoLLGQvYrHomFUv
                                                                                                                                                                                    MD5:93E757F23CF77A5E1BEE1D2663F5A112
                                                                                                                                                                                    SHA1:EF984861237055C6ED6B4030481DA1974C4E6305
                                                                                                                                                                                    SHA-256:ECFDC86543F658EBF10A033350B73019887A56EE317769669225C20577F68699
                                                                                                                                                                                    SHA-512:92E9DAF170C888F9B69FEA4B811CF4C93662D19A372BE77818CB9034F02307AA71BD3D911A50D8717E3F4C76C146AE45BD4D58FCFE7625F997604F0DE6C744BC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:2024/04/18-19:34:47.986 1970 Creating DB C:\Users\user\AppData\Roaming\zentaoclient\Session Storage since it was missing..2024/04/18-19:34:47.996 1970 Reusing MANIFEST C:\Users\user\AppData\Roaming\zentaoclient\Session Storage/MANIFEST-000001.
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):57
                                                                                                                                                                                    Entropy (8bit):4.283088322451805
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:YWVbSZAjMx/ALfnH4JaGqx41n:YWNlDGn
                                                                                                                                                                                    MD5:329622F40165883B656ABAB0D93674C4
                                                                                                                                                                                    SHA1:DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87
                                                                                                                                                                                    SHA-256:2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
                                                                                                                                                                                    SHA-512:BF9173F47118D3FD466378CA186B74EFB7481AF15AEABD0BDBA43331721D93F5F9E4D1FD94F38873B8DBA9352D2EB4BF8044A21C52A52409615E3E25894393CF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{"spellcheck":{"dictionaries":["en-GB"],"dictionary":""}}
                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                    Entropy (8bit):4.619434150836742
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                    MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                    SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                    SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                    SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Apr 18 16:34:30 2024, mtime=Thu Apr 18 16:34:37 2024, atime=Thu Apr 11 00:35:40 2024, length=136137616, window=hide
                                                                                                                                                                                    Category:modified
                                                                                                                                                                                    Size (bytes):2355
                                                                                                                                                                                    Entropy (8bit):3.9041070134183675
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:84dm8RMtkYjmC1KGKAJ9GKd9GK2ZpqGK3Ryc3:84QQ+5jBGA3bB3Ry
                                                                                                                                                                                    MD5:C2491672226D031C0FEC695471DC9E82
                                                                                                                                                                                    SHA1:F6E79907E6A6A274F46BBB50C22512392DF92B7E
                                                                                                                                                                                    SHA-256:21BF5B5E223B9262AB9DCAE339FB251C88B3DFCC98B56192B52C436157C662EE
                                                                                                                                                                                    SHA-512:C8F319333A7BD1E1E3BAC5CE8FE9C09EBE96CF329772466E3080D34471054921C0093393E50A6E4CAEA1FC31F37D46163E03AA62536C8718C81D937147E4B282
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:L..................F.@.. ....q........Y..............K......................8.:..DG..Yr?.D..U..k0.&...&......vk.v......'......gD.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.XD............................%..A.p.p.D.a.t.a...B.P.1......XR...Local.<......CW.^.XR.....b.........................L.o.c.a.l.....Z.1......XJ...Programs..B......XF..XS...............................P.r.o.g.r.a.m.s.....b.1......XS...ZENTAO~1..J......XJ..XS............................Yy.z.e.n.t.a.o.c.l.i.e.n.t.....n.2..K...Xt. .ZENTAO~1.EXE..R......XP..XP......C........................z.e.n.t.a.o.c.l.i.e.n.t...e.x.e.......r...............-.......q...........?.@......C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe.....N.l.NOS.T.vJ.)Yo..N7.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.z.e.n.t.a.o.c.l.i.e.n.t.\.z.e.n.t.a.o.c.l.i.e.n.t...e.x.e.2.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.z.e.n.t.a.o.c.l.i.e.n.t.C.C.
                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                    Entropy (8bit):7.999983599741069
                                                                                                                                                                                    TrID:
                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                    File name:SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    File size:86'971'128 bytes
                                                                                                                                                                                    MD5:df0daae26fb3f58a6b9ce4d144a81b48
                                                                                                                                                                                    SHA1:38e41ab0e2712f7762c6d8b56892362cbb1b6744
                                                                                                                                                                                    SHA256:ee9c745ec13fb4389968431701fecabaa3fd85f607e694e0d8747703a60fe0dc
                                                                                                                                                                                    SHA512:4ffc18191c305f0fc60f96dd293026694e8734052543ffdd2121a2649421b74cc0bf1d121c7513cbdd03ee385bb12033da17d04d10c0fc6717389e0a3d2704a6
                                                                                                                                                                                    SSDEEP:1572864:rryVzqhVL3BFk9+mLcrnjgntw0aJxf5NB76Rj8zMK7/Q+Z+0iwGv:rmohVL3aqrnjgntgJxDB7Sj8Y8NZbAv
                                                                                                                                                                                    TLSH:24183351C4798FF9E8C7B7FB61142288B757D7340D144B8EAA3E278C9072EE66E1106E
                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                                                                                                    Icon Hash:0f39b0cd644c6d17
                                                                                                                                                                                    Entrypoint:0x40338f
                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                    Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                    Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                                    Signature Valid:true
                                                                                                                                                                                    Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                                                                                                    Error Number:0
                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                    • 15/06/2022 01:00:00 15/06/2025 00:59:59
                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                    • CN="Qingdao Nature Easy Soft Network Technology Co., Ltd.", O="Qingdao Nature Easy Soft Network Technology Co., Ltd.", S=Shandong Sheng, C=CN
                                                                                                                                                                                    Version:3
                                                                                                                                                                                    Thumbprint MD5:8773934C6CCE3AA83B1FDF0AB7D9F5D2
                                                                                                                                                                                    Thumbprint SHA-1:AAF472FBB8BBC473E7F714804547F26605BB1018
                                                                                                                                                                                    Thumbprint SHA-256:D22BD40062CBFD14589B70B5F62D06B55F3CEB88C2B226779850078A24BF3BAF
                                                                                                                                                                                    Serial:0FCB67379CC51C1260E9E70014FBFD27
                                                                                                                                                                                    Instruction
                                                                                                                                                                                    sub esp, 000002D4h
                                                                                                                                                                                    push ebx
                                                                                                                                                                                    push esi
                                                                                                                                                                                    push edi
                                                                                                                                                                                    push 00000020h
                                                                                                                                                                                    pop edi
                                                                                                                                                                                    xor ebx, ebx
                                                                                                                                                                                    push 00008001h
                                                                                                                                                                                    mov dword ptr [esp+14h], ebx
                                                                                                                                                                                    mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                    call dword ptr [004080A8h]
                                                                                                                                                                                    call dword ptr [004080A4h]
                                                                                                                                                                                    and eax, BFFFFFFFh
                                                                                                                                                                                    cmp ax, 00000006h
                                                                                                                                                                                    mov dword ptr [0047AEECh], eax
                                                                                                                                                                                    je 00007F9110710EE3h
                                                                                                                                                                                    push ebx
                                                                                                                                                                                    call 00007F9110714195h
                                                                                                                                                                                    cmp eax, ebx
                                                                                                                                                                                    je 00007F9110710ED9h
                                                                                                                                                                                    push 00000C00h
                                                                                                                                                                                    call eax
                                                                                                                                                                                    mov esi, 004082B0h
                                                                                                                                                                                    push esi
                                                                                                                                                                                    call 00007F911071410Fh
                                                                                                                                                                                    push esi
                                                                                                                                                                                    call dword ptr [00408150h]
                                                                                                                                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                    cmp byte ptr [esi], 00000000h
                                                                                                                                                                                    jne 00007F9110710EBCh
                                                                                                                                                                                    push 0000000Ah
                                                                                                                                                                                    call 00007F9110714168h
                                                                                                                                                                                    push 00000008h
                                                                                                                                                                                    call 00007F9110714161h
                                                                                                                                                                                    push 00000006h
                                                                                                                                                                                    mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                    call 00007F9110714155h
                                                                                                                                                                                    cmp eax, ebx
                                                                                                                                                                                    je 00007F9110710EE1h
                                                                                                                                                                                    push 0000001Eh
                                                                                                                                                                                    call eax
                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                    je 00007F9110710ED9h
                                                                                                                                                                                    or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                                    push ebp
                                                                                                                                                                                    call dword ptr [00408044h]
                                                                                                                                                                                    push ebx
                                                                                                                                                                                    call dword ptr [004082A0h]
                                                                                                                                                                                    mov dword ptr [0047AFB8h], eax
                                                                                                                                                                                    push ebx
                                                                                                                                                                                    lea eax, dword ptr [esp+34h]
                                                                                                                                                                                    push 000002B4h
                                                                                                                                                                                    push eax
                                                                                                                                                                                    push ebx
                                                                                                                                                                                    push 00440208h
                                                                                                                                                                                    call dword ptr [00408188h]
                                                                                                                                                                                    push 0040A2C8h
                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22b000 | 0xee20 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x52ed168 | 0x4190 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6627 | 0x6800 | 7618d4c0cd8bb67ea9595b4266b3a91f | False | 0.6646259014423077 | data | 6.450282348506287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7b000 | 0x1b0000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x22b000 | 0xee20 | 0xf000 | af9454e4e09f1fdb9507de89c9e102e2 | False | 0.8455891927083333 | data | 7.5245837090721235 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x22b748 | 0x5066 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9987853464192012
RT_ICON | 0x2307b0 | 0x2051 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.0013296264958298
RT_ICON | 0x232808 | 0x17e0 | PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced | English | United States | 1.0017997382198953
RT_ICON | 0x233fe8 | 0x119d | PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024395653138167
RT_ICON | 0x235188 | 0xeb6 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0029208709506108
RT_ICON | 0x236040 | 0xa97 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 1.0040575433419403
RT_ICON | 0x236ad8 | 0x658 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.0067733990147782
RT_ICON | 0x237130 | 0x49e | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.009306260575296
RT_ICON | 0x2375d0 | 0x3de | PNG image data, 16 x 16, 8-bit colormap, non-interlaced | English | United States | 0.9222222222222223
RT_DIALOG | 0x2379b0 | 0x120 | data | English | United States | 0.5138888888888888
RT_DIALOG | 0x237ad0 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x237cd8 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x237dd0 | 0xee | data | English | United States | 0.6260504201680672
RT_DIALOG | 0x237ec0 | 0x10c | data | English | United States | 0.5111940298507462
RT_DIALOG | 0x237fd0 | 0x1ee | data | English | United States | 0.3866396761133603
RT_DIALOG | 0x2381c0 | 0xe4 | data | English | United States | 0.6359649122807017
RT_DIALOG | 0x2382a8 | 0xda | data | English | United States | 0.6376146788990825
RT_DIALOG | 0x238388 | 0x110 | data | English | United States | 0.5183823529411765
RT_DIALOG | 0x238498 | 0x1f2 | data | English | United States | 0.39759036144578314
RT_DIALOG | 0x238690 | 0xe8 | data | English | United States | 0.6508620689655172
RT_DIALOG | 0x238778 | 0xde | data | English | United States | 0.6486486486486487
RT_DIALOG | 0x238858 | 0x118 | data | English | United States | 0.5321428571428571
RT_DIALOG | 0x238970 | 0x1fa | data | English | United States | 0.40118577075098816
RT_DIALOG | 0x238b70 | 0xf0 | data | English | United States | 0.6666666666666666
RT_DIALOG | 0x238c60 | 0xe6 | data | English | United States | 0.6565217391304348
RT_DIALOG | 0x238d48 | 0x10c | data | English | United States | 0.5111940298507462
RT_DIALOG | 0x238e58 | 0x1ee | data | English | United States | 0.38866396761133604
RT_DIALOG | 0x239048 | 0xe4 | data | English | United States | 0.6447368421052632
RT_DIALOG | 0x239130 | 0xda | data | English | United States | 0.6422018348623854
RT_DIALOG | 0x239210 | 0x120 | data | English | United States | 0.5381944444444444
RT_DIALOG | 0x239330 | 0x202 | data | English | United States | 0.42217898832684825
RT_DIALOG | 0x239538 | 0xf8 | data | English | United States | 0.6653225806451613
RT_DIALOG | 0x239630 | 0xee | data | English | United States | 0.6512605042016807
RT_GROUP_ICON | 0x239720 | 0x84 | data | English | United States | 0.7196969696969697
RT_VERSION | 0x2397a8 | 0x250 | data | English | United States | 0.5540540540540541
RT_MANIFEST | 0x2399f8 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken
English | United States
                                                                                                                                                                                    No network behavior found

                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                    Start time:19:34:10
                                                                                                                                                                                    Start date:18/04/2024
                                                                                                                                                                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Heur.21832.3236.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:86'971'128 bytes
                                                                                                                                                                                    MD5 hash:DF0DAAE26FB3F58A6B9CE4D144A81B48
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                    Start time:19:34:39
                                                                                                                                                                                    Start date:18/04/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe"
                                                                                                                                                                                    Imagebase:0x7ff72bec0000
                                                                                                                                                                                    File size:136'137'616 bytes
                                                                                                                                                                                    MD5 hash:7332992028A2C1F3CE747C62254B38E7
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                    Start time:19:34:42
                                                                                                                                                                                    Start date:18/04/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=gpu-process --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:2
                                                                                                                                                                                    Imagebase:0x7ff76d7f0000
                                                                                                                                                                                    File size:136'137'616 bytes
                                                                                                                                                                                    MD5 hash:7332992028A2C1F3CE747C62254B38E7
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                    Start time:19:34:45
                                                                                                                                                                                    Start date:18/04/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --service-sandbox-type=none --ignore-urlfetcher-cert-requests=true --ignore-certificate-errors=true --enable-experimental-web-platform-features --ignore-certificate-errors=true --mojo-platform-channel-handle=1976 /prefetch:8
                                                                                                                                                                                    Imagebase:0x7ff76d7f0000
                                                                                                                                                                                    File size:136'137'616 bytes
                                                                                                                                                                                    MD5 hash:7332992028A2C1F3CE747C62254B38E7
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                    Start time:19:34:47
                                                                                                                                                                                    Start date:18/04/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-GB --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
                                                                                                                                                                                    Imagebase:0x7ff76d7f0000
                                                                                                                                                                                    File size:136'137'616 bytes
                                                                                                                                                                                    MD5 hash:7332992028A2C1F3CE747C62254B38E7
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                    Start time:19:34:49
                                                                                                                                                                                    Start date:18/04/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Programs\zentaoclient\zentaoclient.exe" --type=renderer --enable-experimental-web-platform-features --field-trial-handle=1604,15735583474717430825,16040306059436304636,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-GB --app-user-model-id=com.cnezsoft.zentaoclient --app-path="C:\Users\user\AppData\Local\Programs\zentaoclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
                                                                                                                                                                                    Imagebase:0x7ff76d7f0000
                                                                                                                                                                                    File size:136'137'616 bytes
                                                                                                                                                                                    MD5 hash:7332992028A2C1F3CE747C62254B38E7
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                    Start time:19:34:49
                                                                                                                                                                                    Start date:18/04/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Programs\zentaoclient\resources\bin\zenshot\zenshot.exe
                                                                                                                                                                                    Imagebase:0x750000
                                                                                                                                                                                    File size:969'104 bytes
                                                                                                                                                                                    MD5 hash:9F1881A02F5570D1A853BBDB5A954E4B
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                      Execution Coverage:28.4%
                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:4%
                                                                                                                                                                                      Signature Coverage:21.4%
                                                                                                                                                                                      Total number of Nodes:1392
                                                                                                                                                                                      Total number of Limit Nodes:41
3568 406624 3 API calls 3566->3568 3567->3566 3569 4033ea lstrlenA 3568->3569 3569->3566 3570 4033fa 3569->3570 3571 406694 5 API calls 3570->3571 3572 403401 3571->3572 3573 406694 5 API calls 3572->3573 3574 403408 3573->3574 3575 406694 5 API calls 3574->3575 3576 403414 #17 OleInitialize SHGetFileInfoW 3575->3576 3654 4062ba lstrcpynW 3576->3654 3579 403460 GetCommandLineW 3655 4062ba lstrcpynW 3579->3655 3581 403472 3582 405bbc CharNextW 3581->3582 3583 403497 CharNextW 3582->3583 3584 4035c1 GetTempPathW 3583->3584 3595 4034b0 3583->3595 3656 40335e 3584->3656 3586 4035d9 3587 403633 DeleteFileW 3586->3587 3588 4035dd GetWindowsDirectoryW lstrcatW 3586->3588 3666 402edd GetTickCount GetModuleFileNameW 3587->3666 3589 40335e 12 API calls 3588->3589 3592 4035f9 3589->3592 3590 405bbc CharNextW 3590->3595 3592->3587 3596 4035fd GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3592->3596 3593 403647 3594 4036fe ExitProcess OleUninitialize 3593->3594 3598 4036ea 3593->3598 3603 405bbc CharNextW 3593->3603 3599 403834 3594->3599 3600 403714 3594->3600 3595->3590 3597 4035aa 3595->3597 3601 4035ac 3595->3601 3602 40335e 12 API calls 3596->3602 3597->3584 3694 4039aa 3598->3694 3607 4038b8 ExitProcess 3599->3607 3608 40383c GetCurrentProcess OpenProcessToken 3599->3608 3606 405920 MessageBoxIndirectW 3600->3606 3750 4062ba lstrcpynW 3601->3750 3609 40362b 3602->3609 3620 403666 3603->3620 3612 403722 ExitProcess 3606->3612 3613 403854 LookupPrivilegeValueW AdjustTokenPrivileges 3608->3613 3614 403888 3608->3614 3609->3587 3609->3594 3610 4036fa 3610->3594 3613->3614 3615 406694 5 API calls 3614->3615 3618 40388f 3615->3618 3616 4036c4 3622 405c97 18 API calls 3616->3622 3617 40372a 3621 40588b 5 API calls 3617->3621 3619 4038a4 ExitWindowsEx 3618->3619 3623 4038b1 3618->3623 3619->3607 3619->3623 3620->3616 3620->3617 3624 40372f lstrcatW 3621->3624 3625 4036d0 3622->3625 3626 40140b 2 API calls 3623->3626 3627 403740 lstrcatW 3624->3627 3628 
40374b lstrcatW lstrcmpiW 3624->3628 3625->3594 3751 4062ba lstrcpynW 3625->3751 3626->3607 3627->3628 3628->3594 3629 403767 3628->3629 3631 403773 3629->3631 3632 40376c 3629->3632 3636 40586e 2 API calls 3631->3636 3634 4057f1 4 API calls 3632->3634 3633 4036df 3752 4062ba lstrcpynW 3633->3752 3637 403771 3634->3637 3638 403778 SetCurrentDirectoryW 3636->3638 3637->3638 3639 403793 3638->3639 3640 403788 3638->3640 3754 4062ba lstrcpynW 3639->3754 3753 4062ba lstrcpynW 3640->3753 3643 4062dc 17 API calls 3644 4037d2 DeleteFileW 3643->3644 3645 4037df CopyFileW 3644->3645 3651 4037a1 3644->3651 3645->3651 3646 403828 3647 406080 36 API calls 3646->3647 3649 40382f 3647->3649 3648 406080 36 API calls 3648->3651 3649->3594 3650 4062dc 17 API calls 3650->3651 3651->3643 3651->3646 3651->3648 3651->3650 3653 403813 CloseHandle 3651->3653 3755 4058a3 CreateProcessW 3651->3755 3653->3651 3654->3579 3655->3581 3657 40654e 5 API calls 3656->3657 3659 40336a 3657->3659 3658 403374 3658->3586 3659->3658 3660 405b8f 3 API calls 3659->3660 3661 40337c 3660->3661 3662 40586e 2 API calls 3661->3662 3663 403382 3662->3663 3758 405ddf 3663->3758 3762 405db0 GetFileAttributesW CreateFileW 3666->3762 3668 402f1d 3686 402f2d 3668->3686 3763 4062ba lstrcpynW 3668->3763 3670 402f43 3671 405bdb 2 API calls 3670->3671 3672 402f49 3671->3672 3764 4062ba lstrcpynW 3672->3764 3674 402f54 GetFileSize 3675 403050 3674->3675 3693 402f6b 3674->3693 3765 402e79 3675->3765 3677 403059 3679 403089 GlobalAlloc 3677->3679 3677->3686 3777 403347 SetFilePointer 3677->3777 3678 403331 ReadFile 3678->3693 3776 403347 SetFilePointer 3679->3776 3681 4030bc 3683 402e79 6 API calls 3681->3683 3683->3686 3684 403072 3687 403331 ReadFile 3684->3687 3685 4030a4 3688 403116 31 API calls 3685->3688 3686->3593 3689 40307d 3687->3689 3691 4030b0 3688->3691 3689->3679 3689->3686 3690 402e79 6 API calls 3690->3693 3691->3686 3691->3691 3692 4030ed SetFilePointer 3691->3692 3692->3686 3693->3675 3693->3678 
3693->3681 3693->3686 3693->3690 3695 406694 5 API calls 3694->3695 3696 4039be 3695->3696 3697 4039c4 3696->3697 3698 4039d6 3696->3698 3790 406201 wsprintfW 3697->3790 3699 406188 3 API calls 3698->3699 3700 403a06 3699->3700 3702 403a25 lstrcatW 3700->3702 3704 406188 3 API calls 3700->3704 3703 4039d4 3702->3703 3782 403c80 3703->3782 3704->3702 3707 405c97 18 API calls 3708 403a57 3707->3708 3709 403aeb 3708->3709 3711 406188 3 API calls 3708->3711 3710 405c97 18 API calls 3709->3710 3712 403af1 3710->3712 3713 403a89 3711->3713 3714 403b01 LoadImageW 3712->3714 3715 4062dc 17 API calls 3712->3715 3713->3709 3719 403aaa lstrlenW 3713->3719 3721 405bbc CharNextW 3713->3721 3716 403ba7 3714->3716 3717 403b28 RegisterClassW 3714->3717 3715->3714 3718 40140b 2 API calls 3716->3718 3720 403b5e SystemParametersInfoW CreateWindowExW 3717->3720 3749 403bb1 3717->3749 3724 403bad 3718->3724 3722 403ab8 lstrcmpiW 3719->3722 3723 403ade 3719->3723 3720->3716 3726 403aa7 3721->3726 3722->3723 3727 403ac8 GetFileAttributesW 3722->3727 3725 405b8f 3 API calls 3723->3725 3729 403c80 18 API calls 3724->3729 3724->3749 3730 403ae4 3725->3730 3726->3719 3728 403ad4 3727->3728 3728->3723 3731 405bdb 2 API calls 3728->3731 3732 403bbe 3729->3732 3791 4062ba lstrcpynW 3730->3791 3731->3723 3734 403bca ShowWindow 3732->3734 3735 403c4d 3732->3735 3737 406624 3 API calls 3734->3737 3736 4053f5 5 API calls 3735->3736 3738 403c53 3736->3738 3739 403be2 3737->3739 3740 403c57 3738->3740 3741 403c6f 3738->3741 3742 403bf0 GetClassInfoW 3739->3742 3744 406624 3 API calls 3739->3744 3747 40140b 2 API calls 3740->3747 3740->3749 3743 40140b 2 API calls 3741->3743 3745 403c04 GetClassInfoW RegisterClassW 3742->3745 3746 403c1a DialogBoxParamW 3742->3746 3743->3749 3744->3742 3745->3746 3748 40140b 2 API calls 3746->3748 3747->3749 3748->3749 3749->3610 3750->3597 3751->3633 3752->3598 3753->3639 3754->3651 3756 4058e2 3755->3756 3757 4058d6 CloseHandle 3755->3757 3756->3651 3757->3756 3759 
405dec GetTickCount GetTempFileNameW 3758->3759 3760 405e22 3759->3760 3761 40338d 3759->3761 3760->3759 3760->3761 3761->3586 3762->3668 3763->3670 3764->3674 3766 402e82 3765->3766 3767 402e9a 3765->3767 3770 402e92 3766->3770 3771 402e8b DestroyWindow 3766->3771 3768 402ea2 3767->3768 3769 402eaa GetTickCount 3767->3769 3778 4066d0 3768->3778 3773 402eb8 CreateDialogParamW ShowWindow 3769->3773 3774 402edb 3769->3774 3770->3677 3771->3770 3773->3774 3774->3677 3776->3685 3777->3684 3779 4066ed PeekMessageW 3778->3779 3780 4066e3 DispatchMessageW 3779->3780 3781 402ea8 3779->3781 3780->3779 3781->3677 3783 403c94 3782->3783 3792 406201 wsprintfW 3783->3792 3785 403d05 3793 403d39 3785->3793 3787 403a35 3787->3707 3788 403d0a 3788->3787 3789 4062dc 17 API calls 3788->3789 3789->3788 3790->3703 3791->3709 3792->3785 3794 4062dc 17 API calls 3793->3794 3795 403d47 SetWindowTextW 3794->3795 3795->3788 4386 40190f 4387 402c41 17 API calls 4386->4387 4388 401916 4387->4388 4389 405920 MessageBoxIndirectW 4388->4389 4390 40191f 4389->4390 4391 401491 4392 405322 24 API calls 4391->4392 4393 401498 4392->4393 4394 401d14 4395 402c1f 17 API calls 4394->4395 4396 401d1b 4395->4396 4397 402c1f 17 API calls 4396->4397 4398 401d27 GetDlgItem 4397->4398 4399 402592 4398->4399 4400 405296 4401 4052a6 4400->4401 4402 4052ba 4400->4402 4403 405303 4401->4403 4404 4052ac 4401->4404 4405 4052c2 IsWindowVisible 4402->4405 4411 4052d9 4402->4411 4406 405308 CallWindowProcW 4403->4406 4407 40427d SendMessageW 4404->4407 4405->4403 4408 4052cf 4405->4408 4409 4052b6 4406->4409 4407->4409 4413 404bec SendMessageW 4408->4413 4411->4406 4418 404c6c 4411->4418 4414 404c4b SendMessageW 4413->4414 4415 404c0f GetMessagePos ScreenToClient SendMessageW 4413->4415 4416 404c43 4414->4416 4415->4416 4417 404c48 4415->4417 4416->4411 4417->4414 4427 4062ba lstrcpynW 4418->4427 4420 404c7f 4428 406201 wsprintfW 4420->4428 4422 404c89 4423 40140b 2 API calls 4422->4423 4424 404c92 4423->4424 4429 
4062ba lstrcpynW 4424->4429 4426 404c99 4426->4403 4427->4420 4428->4422 4429->4426 4430 402598 4431 4025c7 4430->4431 4432 4025ac 4430->4432 4434 4025fb 4431->4434 4435 4025cc 4431->4435 4433 402c1f 17 API calls 4432->4433 4442 4025b3 4433->4442 4437 402c41 17 API calls 4434->4437 4436 402c41 17 API calls 4435->4436 4438 4025d3 WideCharToMultiByte lstrlenA 4436->4438 4439 402602 lstrlenW 4437->4439 4438->4442 4439->4442 4440 40262f 4441 402645 4440->4441 4443 405e62 WriteFile 4440->4443 4442->4440 4442->4441 4444 405e91 5 API calls 4442->4444 4443->4441 4444->4440 4445 40149e 4446 4022f7 4445->4446 4447 4014ac PostQuitMessage 4445->4447 4447->4446 4448 404c9e GetDlgItem GetDlgItem 4449 404cf0 7 API calls 4448->4449 4458 404f09 4448->4458 4450 404d93 DeleteObject 4449->4450 4451 404d86 SendMessageW 4449->4451 4452 404d9c 4450->4452 4451->4450 4454 404dd3 4452->4454 4457 4062dc 17 API calls 4452->4457 4453 404fed 4456 405099 4453->4456 4466 405046 SendMessageW 4453->4466 4491 404efc 4453->4491 4455 404231 18 API calls 4454->4455 4459 404de7 4455->4459 4461 4050a3 SendMessageW 4456->4461 4462 4050ab 4456->4462 4463 404db5 SendMessageW SendMessageW 4457->4463 4458->4453 4460 404f7a 4458->4460 4464 404bec 5 API calls 4458->4464 4465 404231 18 API calls 4459->4465 4460->4453 4468 404fdf SendMessageW 4460->4468 4461->4462 4469 4050c4 4462->4469 4470 4050bd ImageList_Destroy 4462->4470 4477 4050d4 4462->4477 4463->4452 4464->4460 4480 404df5 4465->4480 4472 40505b SendMessageW 4466->4472 4466->4491 4467 404298 8 API calls 4473 40528f 4467->4473 4468->4453 4474 4050cd GlobalFree 4469->4474 4469->4477 4470->4469 4471 405243 4478 405255 ShowWindow GetDlgItem ShowWindow 4471->4478 4471->4491 4476 40506e 4472->4476 4474->4477 4475 404eca GetWindowLongW SetWindowLongW 4479 404ee3 4475->4479 4486 40507f SendMessageW 4476->4486 4477->4471 4490 404c6c 4 API calls 4477->4490 4495 40510f 4477->4495 4478->4491 4481 404f01 4479->4481 4482 404ee9 ShowWindow 4479->4482 4480->4475 4485 
404e45 SendMessageW 4480->4485 4487 404ec4 4480->4487 4488 404e81 SendMessageW 4480->4488 4489 404e92 SendMessageW 4480->4489 4500 404266 SendMessageW 4481->4500 4499 404266 SendMessageW 4482->4499 4485->4480 4486->4456 4487->4475 4487->4479 4488->4480 4489->4480 4490->4495 4491->4467 4492 405219 InvalidateRect 4492->4471 4493 40522f 4492->4493 4496 404ba7 20 API calls 4493->4496 4494 40513d SendMessageW 4497 405153 4494->4497 4495->4494 4495->4497 4496->4471 4497->4492 4498 4051c7 SendMessageW SendMessageW 4497->4498 4498->4497 4499->4491 4500->4458 4005 401c1f 4006 402c1f 17 API calls 4005->4006 4007 401c26 4006->4007 4008 402c1f 17 API calls 4007->4008 4009 401c33 4008->4009 4010 401c48 4009->4010 4011 402c41 17 API calls 4009->4011 4012 401c58 4010->4012 4013 402c41 17 API calls 4010->4013 4011->4010 4014 401c63 4012->4014 4015 401caf 4012->4015 4013->4012 4017 402c1f 17 API calls 4014->4017 4016 402c41 17 API calls 4015->4016 4018 401cb4 4016->4018 4019 401c68 4017->4019 4021 402c41 17 API calls 4018->4021 4020 402c1f 17 API calls 4019->4020 4022 401c74 4020->4022 4023 401cbd FindWindowExW 4021->4023 4024 401c81 SendMessageTimeoutW 4022->4024 4025 401c9f SendMessageW 4022->4025 4026 401cdf 4023->4026 4024->4026 4025->4026 3021 402aa0 SendMessageW 3022 402ac5 3021->3022 3023 402aba InvalidateRect 3021->3023 3023->3022 4501 402821 4502 402827 4501->4502 4503 40282f FindClose 4502->4503 4504 402ac5 4502->4504 4503->4504 4505 4043a1 lstrlenW 4506 4043c0 4505->4506 4507 4043c2 WideCharToMultiByte 4505->4507 4506->4507 3337 404722 3338 40474e 3337->3338 3339 40475f 3337->3339 3406 405904 GetDlgItemTextW 3338->3406 3340 40476b GetDlgItem 3339->3340 3347 4047d7 3339->3347 3342 40477f 3340->3342 3346 404793 SetWindowTextW 3342->3346 3351 405c3a 4 API calls 3342->3351 3343 4048ae 3348 404a5d 3343->3348 3404 405904 GetDlgItemTextW 3343->3404 3344 404759 3345 40654e 5 API calls 3344->3345 3345->3339 3354 404231 18 API calls 3346->3354 3347->3343 3347->3348 3352 4062dc 17 
API calls 3347->3352 3350 404298 8 API calls 3348->3350 3355 404a71 3350->3355 3356 404789 3351->3356 3357 40483e SHBrowseForFolderW 3352->3357 3353 4048de 3358 405c97 18 API calls 3353->3358 3359 4047af 3354->3359 3356->3346 3363 405b8f 3 API calls 3356->3363 3357->3343 3360 404856 CoTaskMemFree 3357->3360 3361 4048e4 3358->3361 3362 404231 18 API calls 3359->3362 3364 405b8f 3 API calls 3360->3364 3405 4062ba lstrcpynW 3361->3405 3365 4047bd 3362->3365 3363->3346 3366 404863 3364->3366 3403 404266 SendMessageW 3365->3403 3371 40489a SetDlgItemTextW 3366->3371 3374 4062dc 17 API calls 3366->3374 3369 4048fb 3372 406694 5 API calls 3369->3372 3370 4047c3 3373 406694 5 API calls 3370->3373 3371->3343 3382 404902 3372->3382 3375 4047ca 3373->3375 3376 404882 lstrcmpiW 3374->3376 3375->3348 3378 4047d2 SHAutoComplete 3375->3378 3376->3371 3379 404893 lstrcatW 3376->3379 3377 404943 3407 4062ba lstrcpynW 3377->3407 3378->3347 3379->3371 3380 404911 GetDiskFreeSpaceExW 3380->3382 3390 40499b 3380->3390 3382->3377 3382->3380 3385 405bdb 2 API calls 3382->3385 3383 40494a 3384 405c3a 4 API calls 3383->3384 3386 404950 3384->3386 3385->3382 3387 404956 3386->3387 3388 404959 GetDiskFreeSpaceW 3386->3388 3387->3388 3389 404974 MulDiv 3388->3389 3388->3390 3389->3390 3391 404a0c 3390->3391 3408 404ba7 3390->3408 3392 404a2f 3391->3392 3419 40140b 3391->3419 3422 404253 KiUserCallbackDispatcher 3392->3422 3397 404a0e SetDlgItemTextW 3397->3391 3398 4049fe 3411 404ade 3398->3411 3400 404a4b 3400->3348 3401 404a58 3400->3401 3423 40467b 3401->3423 3403->3370 3404->3353 3405->3369 3406->3344 3407->3383 3409 404ade 20 API calls 3408->3409 3410 4049f9 3409->3410 3410->3397 3410->3398 3412 404af7 3411->3412 3413 4062dc 17 API calls 3412->3413 3414 404b5b 3413->3414 3415 4062dc 17 API calls 3414->3415 3416 404b66 3415->3416 3417 4062dc 17 API calls 3416->3417 3418 404b7c lstrlenW wsprintfW SetDlgItemTextW 3417->3418 3418->3391 3420 401389 2 API calls 3419->3420 3421 401420 
3420->3421 3421->3392 3422->3400 3424 404689 3423->3424 3425 40468e SendMessageW 3423->3425 3424->3425 3425->3348 4508 4015a3 4509 402c41 17 API calls 4508->4509 4510 4015aa SetFileAttributesW 4509->4510 4511 4015bc 4510->4511 4512 4029a8 4513 402c1f 17 API calls 4512->4513 4514 4029ae 4513->4514 4515 4029d5 4514->4515 4516 4029ee 4514->4516 4517 40288b 4514->4517 4518 4029da 4515->4518 4525 4029eb 4515->4525 4519 402a08 4516->4519 4520 4029f8 4516->4520 4526 4062ba lstrcpynW 4518->4526 4522 4062dc 17 API calls 4519->4522 4521 402c1f 17 API calls 4520->4521 4521->4525 4522->4525 4525->4517 4527 406201 wsprintfW 4525->4527 4526->4517 4527->4517 4528 4028ad 4529 402c41 17 API calls 4528->4529 4531 4028bb 4529->4531 4530 4028d1 4533 405d8b 2 API calls 4530->4533 4531->4530 4532 402c41 17 API calls 4531->4532 4532->4530 4534 4028d7 4533->4534 4556 405db0 GetFileAttributesW CreateFileW 4534->4556 4536 4028e4 4537 4028f0 GlobalAlloc 4536->4537 4538 402987 4536->4538 4539 402909 4537->4539 4540 40297e CloseHandle 4537->4540 4541 4029a2 4538->4541 4542 40298f DeleteFileW 4538->4542 4557 403347 SetFilePointer 4539->4557 4540->4538 4542->4541 4544 40290f 4545 403331 ReadFile 4544->4545 4546 402918 GlobalAlloc 4545->4546 4547 402928 4546->4547 4548 40295c 4546->4548 4550 403116 31 API calls 4547->4550 4549 405e62 WriteFile 4548->4549 4551 402968 GlobalFree 4549->4551 4555 402935 4550->4555 4552 403116 31 API calls 4551->4552 4553 40297b 4552->4553 4553->4540 4554 402953 GlobalFree 4554->4548 4555->4554 4556->4536 4557->4544 4558 401a30 4559 402c41 17 API calls 4558->4559 4560 401a39 ExpandEnvironmentStringsW 4559->4560 4561 401a60 4560->4561 4562 401a4d 4560->4562 4562->4561 4563 401a52 lstrcmpW 4562->4563 4563->4561 3807 402032 3808 402044 3807->3808 3809 4020f6 3807->3809 3810 402c41 17 API calls 3808->3810 3811 401423 24 API calls 3809->3811 3812 40204b 3810->3812 3818 402250 3811->3818 3813 402c41 17 API calls 3812->3813 3814 402054 3813->3814 3815 40206a LoadLibraryExW 
3814->3815 3816 40205c GetModuleHandleW 3814->3816 3815->3809 3817 40207b 3815->3817 3816->3815 3816->3817 3829 406703 WideCharToMultiByte 3817->3829 3821 4020c5 3823 405322 24 API calls 3821->3823 3822 40208c 3824 402094 3822->3824 3825 4020ab KiUserCallbackDispatcher 3822->3825 3826 40209c 3823->3826 3827 401423 24 API calls 3824->3827 3825->3826 3826->3818 3828 4020e8 FreeLibrary 3826->3828 3827->3826 3828->3818 3830 40672d GetProcAddress 3829->3830 3831 402086 3829->3831 3830->3831 3831->3821 3831->3822 4576 401735 4577 402c41 17 API calls 4576->4577 4578 40173c SearchPathW 4577->4578 4579 401757 4578->4579 4580 402a35 4581 402c1f 17 API calls 4580->4581 4582 402a3b 4581->4582 4583 402a72 4582->4583 4584 40288b 4582->4584 4586 402a4d 4582->4586 4583->4584 4585 4062dc 17 API calls 4583->4585 4585->4584 4586->4584 4588 406201 wsprintfW 4586->4588 4588->4584 4589 4014b8 4590 4014be 4589->4590 4591 401389 2 API calls 4590->4591 4592 4014c6 4591->4592 4593 401db9 GetDC 4594 402c1f 17 API calls 4593->4594 4595 401dcb GetDeviceCaps MulDiv ReleaseDC 4594->4595 4596 402c1f 17 API calls 4595->4596 4597 401dfc 4596->4597 4598 4062dc 17 API calls 4597->4598 4599 401e39 CreateFontIndirectW 4598->4599 4600 402592 4599->4600 4601 40283b 4602 402843 4601->4602 4603 402847 FindNextFileW 4602->4603 4606 402859 4602->4606 4604 4028a0 4603->4604 4603->4606 4607 4062ba lstrcpynW 4604->4607 4607->4606 3948 3091377 3955 309143a 3948->3955 3956 30913a3 3955->3956 3958 3091443 3955->3958 3960 30910d0 GetVersionExW 3956->3960 3957 3091473 GlobalFree 3957->3956 3958->3956 3958->3957 3959 309145f lstrcpynW 3958->3959 3959->3957 3961 309110a 3960->3961 3962 3091100 3960->3962 3963 309112c LoadLibraryW 3961->3963 3964 3091115 3961->3964 3986 30914cf wsprintfW 3962->3986 3966 30911af 3963->3966 3967 3091145 GetProcAddress 3963->3967 3964->3962 3965 3091227 LoadLibraryA 3964->3965 3965->3962 3968 309123f GetProcAddress GetProcAddress GetProcAddress 3965->3968 3966->3962 3975 30911c9 lstrcpynW 
lstrcmpiW 3966->3975 3977 3091219 LocalFree 3966->3977 3979 30911f9 3966->3979 3969 3091158 LocalAlloc 3967->3969 3970 3091198 3967->3970 3971 309133a FreeLibrary 3968->3971 3984 309126e 3968->3984 3973 3091193 3969->3973 3972 30911a4 FreeLibrary 3970->3972 3971->3962 3972->3966 3973->3970 3974 3091166 NtQuerySystemInformation 3973->3974 3974->3972 3976 3091179 LocalFree 3974->3976 3975->3966 3976->3970 3978 309118a LocalAlloc 3976->3978 3977->3962 3978->3973 3979->3966 3989 309103f OpenProcess 3979->3989 3981 30912a8 lstrlenW 3981->3984 3982 3091333 CloseHandle 3982->3971 3983 30912c9 lstrlenA MultiByteToWideChar lstrcmpiW 3983->3984 3984->3971 3984->3981 3984->3982 3984->3983 3985 309103f 8 API calls 3984->3985 3985->3984 4002 3091489 3986->4002 3990 30910cb 3989->3990 3991 3091060 3989->3991 3990->3979 3992 309106b EnumWindows 3991->3992 3993 30910ac TerminateProcess 3991->3993 3992->3993 3994 309107f GetExitCodeProcess 3992->3994 3999 3091007 GetWindowThreadProcessId 3992->3999 3995 30910a7 3993->3995 3996 30910be CloseHandle 3993->3996 3994->3995 3997 309108e 3994->3997 3995->3996 3996->3990 3997->3995 3998 3091097 WaitForSingleObject 3997->3998 3998->3993 3998->3995 4000 3091024 PostMessageW 3999->4000 4001 3091036 3999->4001 4000->4001 4003 30913b6 4002->4003 4004 3091492 GlobalAlloc lstrcpynW 4002->4004 4004->4003

Control-flow Graph

[Graph of basic blocks, first block 40338f-4033cc; legend: Executed, Not Executed]
APIs
• SetErrorMode.KERNELBASE ref: 004033B2
• GetVersion.KERNEL32 ref: 004033B8
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
• #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403428
• OleInitialize.OLE32(00000000), ref: 0040342F
• SHGetFileInfoW.SHELL32(00440208,00000000,?,000002B4,00000000), ref: 0040344B
• GetCommandLineW.KERNEL32(00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 00403460
• CharNextW.USER32(00000000,004CB000,00000020,004CB000,00000000,?,00000006,00000008,0000000A), ref: 00403498
  • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
  • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
• GetTempPathW.KERNEL32(00002000,004DF000,?,00000006,00000008,0000000A), ref: 004035D2
• GetWindowsDirectoryW.KERNEL32(004DF000,00001FFB,?,00000006,00000008,0000000A), ref: 004035E3
• lstrcatW.KERNEL32(004DF000,\Temp), ref: 004035EF
• GetTempPathW.KERNEL32(00001FFC,004DF000,004DF000,\Temp,?,00000006,00000008,0000000A), ref: 00403603
• lstrcatW.KERNEL32(004DF000,Low), ref: 0040360B
• SetEnvironmentVariableW.KERNEL32(TEMP,004DF000,004DF000,Low,?,00000006,00000008,0000000A), ref: 0040361C
• SetEnvironmentVariableW.KERNEL32(TMP,004DF000,?,00000006,00000008,0000000A), ref: 00403624
• DeleteFileW.KERNELBASE(004DB000,?,00000006,00000008,0000000A), ref: 00403638
  • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
• ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 004036FE
• OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 00403703
• ExitProcess.KERNEL32 ref: 00403724
• lstrcatW.KERNEL32(004DF000,~nsu), ref: 00403737
• lstrcatW.KERNEL32(004DF000,0040A26C), ref: 00403746
• lstrcatW.KERNEL32(004DF000,.tmp), ref: 00403751
• lstrcmpiW.KERNEL32(004DF000,004D7000,004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040375D
• SetCurrentDirectoryW.KERNEL32(004DF000,004DF000,?,00000006,00000008,0000000A), ref: 00403779
                                                                                                                                                                                      • DeleteFileW.KERNEL32(0043C208,0043C208,?,0047B000,00000008,?,00000006,00000008,0000000A), ref: 004037D3
                                                                                                                                                                                      • CopyFileW.KERNEL32(004E7000,0043C208,00000001,?,00000006,00000008,0000000A), ref: 004037E7
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,0043C208,0043C208,?,0043C208,00000000,?,00000006,00000008,0000000A), ref: 00403814
                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403843
                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 0040384A
                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040385F
                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32 ref: 00403882
                                                                                                                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 004038A7
                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 004038CA
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                      • String ID: .tmp$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                      • API String ID: 424501083-3195845224
                                                                                                                                                                                      • Opcode ID: d8143391da9922f0f8fdd9eae6183e51d391a53b8ae8d145ad5f2599bc791527
                                                                                                                                                                                      • Instruction ID: 33fbdd78d52bfd04f2c73b4da217482bb076a8c6d1615cdfa2cd3638f3c4bec2
                                                                                                                                                                                      • Opcode Fuzzy Hash: d8143391da9922f0f8fdd9eae6183e51d391a53b8ae8d145ad5f2599bc791527
                                                                                                                                                                                      • Instruction Fuzzy Hash: 45D1F471100310AAE720BF769D45B2B3AADEB4070AF10447FF885B62E1DBBD8D55876E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 137 405461-40547c 138 405482-405549 GetDlgItem * 3 call 404266 call 404bbf GetClientRect GetSystemMetrics SendMessageW * 2 137->138 139 40560b-405612 137->139 161 405567-40556a 138->161 162 40554b-405565 SendMessageW * 2 138->162 141 405614-405636 GetDlgItem CreateThread FindCloseChangeNotification 139->141 142 40563c-405649 139->142 141->142 144 405667-405671 142->144 145 40564b-405651 142->145 146 405673-405679 144->146 147 4056c7-4056cb 144->147 149 405653-405662 ShowWindow * 2 call 404266 145->149 150 40568c-405695 call 404298 145->150 151 4056a1-4056b1 ShowWindow 146->151 152 40567b-405687 call 40420a 146->152 147->150 155 4056cd-4056d3 147->155 149->144 158 40569a-40569e 150->158 159 4056c1-4056c2 call 40420a 151->159 160 4056b3-4056bc call 405322 151->160 152->150 155->150 163 4056d5-4056e8 SendMessageW 155->163 159->147 160->159 166 40557a-405591 call 404231 161->166 167 40556c-405578 SendMessageW 161->167 162->161 168 4057ea-4057ec 163->168 169 4056ee-405719 CreatePopupMenu call 4062dc AppendMenuW 163->169 176 405593-4055a7 ShowWindow 166->176 177 4055c7-4055e8 GetDlgItem SendMessageW 166->177 167->166 168->158 174 40571b-40572b GetWindowRect 169->174 175 40572e-405743 TrackPopupMenu 169->175 174->175 175->168 178 405749-405760 175->178 179 4055b6 176->179 180 4055a9-4055b4 ShowWindow 176->180 177->168 181 4055ee-405606 SendMessageW * 2 177->181 182 405765-405780 SendMessageW 178->182 183 4055bc-4055c2 call 404266 179->183 180->183 181->168 182->182 184 405782-4057a5 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 182->184 183->177 186 4057a7-4057ce SendMessageW 184->186 186->186 187 4057d0-4057e4 GlobalUnlock SetClipboardData CloseClipboard 186->187 187->168
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 004054BF
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 004054CE
                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040550B
                                                                                                                                                                                      • GetSystemMetrics.USER32(00000002), ref: 00405512
                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405533
                                                                                                                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405544
                                                                                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405557
                                                                                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405565
                                                                                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405578
                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040559A
                                                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 004055AE
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004055CF
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055DF
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055F8
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405604
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 004054DD
                                                                                                                                                                                        • Part of subcall function 00404266: SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405621
                                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_000053F5,00000000), ref: 0040562F
                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00405636
                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 0040565A
                                                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 0040565F
                                                                                                                                                                                      • ShowWindow.USER32(00000008), ref: 004056A9
                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056DD
                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 004056EE
                                                                                                                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405702
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00405722
                                                                                                                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040573B
                                                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
                                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405783
                                                                                                                                                                                      • EmptyClipboard.USER32 ref: 00405789
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405795
                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0040579F
                                                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057B3
                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004057D3
                                                                                                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004057DE
                                                                                                                                                                                      • CloseClipboard.USER32 ref: 004057E4
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                                                                      • String ID: {
                                                                                                                                                                                      • API String ID: 4154960007-366298937
                                                                                                                                                                                      • Opcode ID: 3f5756e17ddf514bb7e58e27119461a6e63aa272c655e6837988b65713ff16ec
                                                                                                                                                                                      • Instruction ID: bae72a1d173c3811f2fd5642bc5838002141c6bee16c4b6d0499208050eeb164
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f5756e17ddf514bb7e58e27119461a6e63aa272c655e6837988b65713ff16ec
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3CB12970900608FFDB119FA0DE89EAE7B79FB48354F00413AFA45A61A0CBB55E91DF58
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      [Control-flow graph: nodes 293-349, code range 30910d0-3091376; edge list omitted. API calls referenced: GetVersionExW, LoadLibraryW, LoadLibraryA, GetProcAddress, LocalAlloc, LocalFree, FreeLibrary, NtQuerySystemInformation, lstrcpynW, lstrcmpiW, lstrlenW, lstrlenA, MultiByteToWideChar, CloseHandle.]
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 030910F6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2055025647.0000000003091000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03090000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2055006323.0000000003090000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2055042402.0000000003092000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2055062837.0000000003094000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3090000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Version
                                                                                                                                                                                      • String ID: CreateToolhelp32Snapshot$KERNEL32.DLL$NTDLL.DLL$NtQuerySystemInformation$Process32First$Process32Next
                                                                                                                                                                                      • API String ID: 1889659487-877962304
                                                                                                                                                                                      • Opcode ID: 374c08f0cf5d4bcea5b0106fae31cd53770710e8ab8495bce1279ea56f40632f
                                                                                                                                                                                      • Instruction ID: b165d35feb2052b2de56feddc24ba3ca66132a84886d93390b140db358a98a2f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 374c08f0cf5d4bcea5b0106fae31cd53770710e8ab8495bce1279ea56f40632f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E71A071A0220AFFEF25EBA4CC48AAEBBFDBB48345F094467E515E6140D3748A44EF54
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404771
                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 0040479B
                                                                                                                                                                                      • SHAutoComplete.SHLWAPI(00000000,00000001,00000007,00000000,?,00000014,?,?,00000001,?), ref: 004047D5
                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0040484C
                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404857
                                                                                                                                                                                      • lstrcmpiW.KERNEL32(Delete on reboot: ,00450248,00000000,?,?), ref: 00404889
                                                                                                                                                                                      • lstrcatW.KERNEL32(?,Delete on reboot: ), ref: 00404895
                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048A7
                                                                                                                                                                                        • Part of subcall function 00405904: GetDlgItemTextW.USER32(?,?,00002000,004048DE), ref: 00405917
                                                                                                                                                                                        • Part of subcall function 0040654E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                        • Part of subcall function 0040654E: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                        • Part of subcall function 0040654E: CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                        • Part of subcall function 0040654E: CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNELBASE(00440218,?,?,?,00000001,00440218,?,?,000003FB,?), ref: 0040491E
                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(00440218,?,?,0000040F,?,00440218,00440218,?,00000001,00440218,?,?,000003FB,?), ref: 0040496A
                                                                                                                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404985
                                                                                                                                                                                        • Part of subcall function 00404ADE: lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                        • Part of subcall function 00404ADE: wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                        • Part of subcall function 00404ADE: SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                      • String ID: A$Delete on reboot:
                                                                                                                                                                                      • API String ID: 4039761011-2014378647
                                                                                                                                                                                      • Opcode ID: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                      • Instruction ID: aec38ac33e169681c2ce75898e964705c21f391e9d8eef84a8e49708370a7c65
                                                                                                                                                                                      • Opcode Fuzzy Hash: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CA173B1900208ABDB11AFA5CD45AAF77B8EF84314F10847BF605B62D1D77C99418F6D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,004DF000,74DF3420,00000000), ref: 004059F5
                                                                                                                                                                                      • lstrcatW.KERNEL32(00460250,\*.*), ref: 00405A3D
                                                                                                                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405A60
                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A66
                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(00460250,?,?,?,0040A014,?,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A76
                                                                                                                                                                                      • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B16
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00405B25
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                      • API String ID: 2035342205-1173974218
                                                                                                                                                                                      • Opcode ID: d24b36fde581ccc6802bb78d79f9b729ec530bf46928932bd36a11826cef9a2a
                                                                                                                                                                                      • Instruction ID: 3baa02bdf70247edfb0f680676f8bffda79515ede8bd61e7e13478a9eee65f3b
                                                                                                                                                                                      • Opcode Fuzzy Hash: d24b36fde581ccc6802bb78d79f9b729ec530bf46928932bd36a11826cef9a2a
                                                                                                                                                                                      • Instruction Fuzzy Hash: E141D430900914AACB21AB618C89ABF7778EF45369F10427FF801711D1D77CAD81DE6E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00406608
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00406614
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                      • Opcode ID: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                      • Instruction ID: 086872f0bf6ffc0fec3bf9e050170664210a11ef237051a194e92f35cf11c1a2
                                                                                                                                                                                      • Opcode Fuzzy Hash: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 52D012315455205BC7001B386E0C85B7B599F553317158F37F46AF51E0DB758C62869D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateInstance
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 542301482-0
                                                                                                                                                                                      • Opcode ID: 480e397dae40ebfa96f82ecc2c51ce6f9583f8d74ca207046111302e71a4974e
                                                                                                                                                                                      • Instruction ID: 6590b0d0bd135a94e5278e34c2007f8374f9804fe0c2ec815525577e7f77d17f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 480e397dae40ebfa96f82ecc2c51ce6f9583f8d74ca207046111302e71a4974e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 01414C71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E0DBB99981CB44
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D94
                                                                                                                                                                                      • ShowWindow.USER32(?), ref: 00403DB1
                                                                                                                                                                                      • DestroyWindow.USER32 ref: 00403DC5
                                                                                                                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DE1
                                                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00403E02
                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E16
                                                                                                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403E1D
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00403ECB
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403ED5
                                                                                                                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00403EEF
                                                                                                                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F40
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00403FE6
                                                                                                                                                                                      • ShowWindow.USER32(00000000,?), ref: 00404007
                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404019
                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404034
                                                                                                                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040404A
                                                                                                                                                                                      • EnableMenuItem.USER32(00000000), ref: 00404051
                                                                                                                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404069
                                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040407C
                                                                                                                                                                                      • lstrlenW.KERNEL32(00450248,?,00450248,00000000), ref: 004040A6
                                                                                                                                                                                      • SetWindowTextW.USER32(?,00450248), ref: 004040BA
                                                                                                                                                                                      • ShowWindow.USER32(?,0000000A), ref: 004041EE
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Item$MessageSend$Show$CallbackDispatcherLongMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1252290697-0
                                                                                                                                                                                      • Opcode ID: fc0f4d7be1e4c82c86fade982caad82dc734dafc7249948e3003efd3e17736fb
                                                                                                                                                                                      • Instruction ID: ebd8885eb79f40fe398f9982bcc50e4b60f6275a3dc5f5776bcae5bce4ead0d0
                                                                                                                                                                                      • Opcode Fuzzy Hash: fc0f4d7be1e4c82c86fade982caad82dc734dafc7249948e3003efd3e17736fb
                                                                                                                                                                                      • Instruction Fuzzy Hash: AFC1D5B1500304ABDB206F61EE88E2B3A78FB95346F00053EF645B51F1CB799891DB6E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                        • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                      • lstrcatW.KERNEL32(004DB000,00450248), ref: 00403A2B
                                                                                                                                                                                      • lstrlenW.KERNEL32(Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000), ref: 00403AAB
                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,.exe,Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000), ref: 00403ABE
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(Delete on reboot: ), ref: 00403AC9
                                                                                                                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004CF000), ref: 00403B12
                                                                                                                                                                                        • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                                                                                                                                                                      • RegisterClassW.USER32(00472E80), ref: 00403B4F
                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B67
                                                                                                                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B9C
                                                                                                                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403BD2
                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,00472E80), ref: 00403BFE
                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,00472E80), ref: 00403C0B
                                                                                                                                                                                      • RegisterClassW.USER32(00472E80), ref: 00403C14
                                                                                                                                                                                      • DialogBoxParamW.USER32(?,00000000,00403D58,00000000), ref: 00403C33
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                      • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Delete on reboot: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                      • API String ID: 1975747703-2967253400
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(Delete on reboot: ,00002000), ref: 0040641D
                                                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(Delete on reboot: ,00002000,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,?,00405359,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,00000000), ref: 00406430
                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00405359,0042CE00,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,?,00405359,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,00000000), ref: 0040646C
                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(0042CE00,Delete on reboot: ), ref: 0040647A
                                                                                                                                                                                      • CoTaskMemFree.OLE32(0042CE00), ref: 00406485
                                                                                                                                                                                      • lstrcatW.KERNEL32(Delete on reboot: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004064AB
                                                                                                                                                                                      • lstrlenW.KERNEL32(Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,?,00405359,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,00000000), ref: 00406503
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                      • String ID: Delete on reboot: $Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                      • API String ID: 717251189-3199377450
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,004E7000,00002000,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                                                                                                                        • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                        • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,004EB000,00000000,004D7000,004D7000,004E7000,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Inst, xrefs: 00402FC2
                                                                                                                                                                                      • Null, xrefs: 00402FD4
                                                                                                                                                                                      • soft, xrefs: 00402FCB
                                                                                                                                                                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                                                                                                                                                                      • Error launching installer, xrefs: 00402F2D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                      • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                      • API String ID: 4283519449-527102705
                                                                                                                                                                                      • Opcode ID: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                      • Instruction ID: d807cc789e5c0b6659aec278a7977cb1897ccc82e3fedab9e592eb30a9b28e48
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 23511671901205ABDB20AF61DD85B9F7FACEB0431AF20403BF914B62D5C7789E818B9D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 723 40176f-401794 call 402c41 call 405c06 728 401796-40179c call 4062ba 723->728 729 40179e-4017b0 call 4062ba call 405b8f lstrcatW 723->729 734 4017b5-4017b6 call 40654e 728->734 729->734 738 4017bb-4017bf 734->738 739 4017c1-4017cb call 4065fd 738->739 740 4017f2-4017f5 738->740 747 4017dd-4017ef 739->747 748 4017cd-4017db CompareFileTime 739->748 741 4017f7-4017f8 call 405d8b 740->741 742 4017fd-401819 call 405db0 740->742 741->742 750 40181b-40181e 742->750 751 40188d-4018b6 call 405322 call 403116 742->751 747->740 748->747 752 401820-40185e call 4062ba * 2 call 4062dc call 4062ba call 405920 750->752 753 40186f-401879 call 405322 750->753 763 4018b8-4018bc 751->763 764 4018be-4018ca SetFileTime 751->764 752->738 785 401864-401865 752->785 765 401882-401888 753->765 763->764 767 4018d0-4018db FindCloseChangeNotification 763->767 764->767 768 402ace 765->768 771 4018e1-4018e4 767->771 772 402ac5-402ac8 767->772 773 402ad0-402ad4 768->773 775 4018e6-4018f7 call 4062dc lstrcatW 771->775 776 4018f9-4018fc call 4062dc 771->776 772->768 782 401901-4022fc call 405920 775->782 776->782 782->772 782->773 785->765 787 401867-401868 785->787 787->753
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,004D3000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                        • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                        • Part of subcall function 00405322: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                        • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                        • Part of subcall function 00405322: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,0040327A), ref: 0040537D
                                                                                                                                                                                        • Part of subcall function 00405322: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\), ref: 0040538F
                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsv30A.tmp$C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll$Call
                                                                                                                                                                                      • API String ID: 1941528284-2461961023
                                                                                                                                                                                      • Opcode ID: facad48971dc4d82a0e7dc9ac583247fc54fe6a635ba521aa9c5b4002995d0b4
                                                                                                                                                                                      • Instruction ID: c6e8234c1d4b6e0ef99598e998ad36802638a9a190aaa2bd7459f070bf199d51
                                                                                                                                                                                      • Opcode Fuzzy Hash: facad48971dc4d82a0e7dc9ac583247fc54fe6a635ba521aa9c5b4002995d0b4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9841B471900514BACF107BA5CD45DAF3A79EF05368F20423FF422B10E1DA3C86919A6E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 789 406624-406644 GetSystemDirectoryW 790 406646 789->790 791 406648-40664a 789->791 790->791 792 40665b-40665d 791->792 793 40664c-406655 791->793 795 40665e-406691 wsprintfW LoadLibraryExW 792->795 793->792 794 406657-406659 793->794 794->795
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                      • wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                      • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                      • API String ID: 2200240437-1946221925
                                                                                                                                                                                      • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                      • Instruction ID: 9fa172bba6ca99a644905d2b6d7ed641771312ed853c50fe9922007c80c3d461
                                                                                                                                                                                      • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7CF0FC70501119A6CF10BB64DD0EF9B365CA700304F10447AA54AF10D1EBB9DB64CB99
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 796 403116-40312d 797 403136-40313f 796->797 798 40312f 796->798 799 403141 797->799 800 403148-40314d 797->800 798->797 799->800 801 40315d-40316a call 403331 800->801 802 40314f-403158 call 403347 800->802 806 403170-403174 801->806 807 40331f 801->807 802->801 808 4032ca-4032cc 806->808 809 40317a-4031c3 GetTickCount 806->809 810 403321-403322 807->810 811 40330c-40330f 808->811 812 4032ce-4032d1 808->812 813 403327 809->813 814 4031c9-4031d1 809->814 815 40332a-40332e 810->815 816 403311 811->816 817 403314-40331d call 403331 811->817 812->813 818 4032d3 812->818 813->815 819 4031d3 814->819 820 4031d6-4031e4 call 403331 814->820 816->817 817->807 829 403324 817->829 822 4032d6-4032dc 818->822 819->820 820->807 828 4031ea-4031f3 820->828 826 4032e0-4032ee call 403331 822->826 827 4032de 822->827 826->807 833 4032f0-4032f5 call 405e62 826->833 827->826 831 4031f9-403219 call 4067f5 828->831 829->813 838 4032c2-4032c4 831->838 839 40321f-403232 GetTickCount 831->839 837 4032fa-4032fc 833->837 840 4032c6-4032c8 837->840 841 4032fe-403308 837->841 838->810 842 403234-40323c 839->842 843 40327d-40327f 839->843 840->810 841->822 844 40330a 841->844 845 403244-40327a MulDiv wsprintfW call 405322 842->845 846 40323e-403242 842->846 847 403281-403285 843->847 848 4032b6-4032ba 843->848 844->813 845->843 846->843 846->845 851 403287-40328e call 405e62 847->851 852 40329c-4032a7 847->852 848->814 849 4032c0 848->849 849->813 857 403293-403295 851->857 853 4032aa-4032ae 852->853 853->831 856 4032b4 853->856 856->813 857->840 858 403297-40329a 857->858 858->853
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CountTick$wsprintf
                                                                                                                                                                                      • String ID: ... %d%%
                                                                                                                                                                                      • API String ID: 551687249-2449383134
                                                                                                                                                                                      • Opcode ID: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                      • Instruction ID: f437ad28db75119c3a693f92e670aa5c34007c7df9fe8e0debaece40423bbb79
                                                                                                                                                                                      • Opcode Fuzzy Hash: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D517D71900219DBDB10DF66EA44AAE7BB8AB04356F54417FEC14B72C0CB388A51CBA9
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 859 401c1f-401c3f call 402c1f * 2 864 401c41-401c48 call 402c41 859->864 865 401c4b-401c4f 859->865 864->865 867 401c51-401c58 call 402c41 865->867 868 401c5b-401c61 865->868 867->868 871 401c63-401c7f call 402c1f * 2 868->871 872 401caf-401cd9 call 402c41 * 2 FindWindowExW 868->872 882 401c81-401c9d SendMessageTimeoutW 871->882 883 401c9f-401cad SendMessageW 871->883 884 401cdf 872->884 885 401ce2-401ce5 882->885 883->884 884->885 886 402ac5-402ad4 885->886 887 401ceb 885->887 887->886
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Timeout
                                                                                                                                                                                      • String ID: !
                                                                                                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                                                                                                      • Opcode ID: e28481b5bd09838613ba292ad7065b96dd02c52cd7aa95fff5e51c43cee07103
                                                                                                                                                                                      • Instruction ID: 1af55e8da281c8781352e9764615226c40e2312ccaecb42dabcb88ef8baddf82
                                                                                                                                                                                      • Opcode Fuzzy Hash: e28481b5bd09838613ba292ad7065b96dd02c52cd7aa95fff5e51c43cee07103
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5621C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605B61D0D7B889809B19
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 890 4023e4-402415 call 402c41 * 2 call 402cd1 897 402ac5-402ad4 890->897 898 40241b-402425 890->898 899 402427-402434 call 402c41 lstrlenW 898->899 900 402438-40243b 898->900 899->900 903 40243d-40244e call 402c1f 900->903 904 40244f-402452 900->904 903->904 906 402463-402477 RegSetValueExW 904->906 907 402454-40245e call 403116 904->907 912 402479 906->912 913 40247c-40255d RegCloseKey 906->913 907->906 912->913 913->897
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv30A.tmp,00000023,?,00000000,00000002,00000011,00000002), ref: 0040242F
                                                                                                                                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsv30A.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 0040246F
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsv30A.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseValuelstrlen
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsv30A.tmp
                                                                                                                                                                                      • API String ID: 2655323295-2047637581
                                                                                                                                                                                      • Opcode ID: 9a3461ccf5e97b7c32c54b7d05eab826c4bfa94843a9f7a4b2844160e84a6319
                                                                                                                                                                                      • Instruction ID: a703f9f7a84a81219e2528cb215680d2185ac4e531b753f9c0eacf199e84c27d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a3461ccf5e97b7c32c54b7d05eab826c4bfa94843a9f7a4b2844160e84a6319
                                                                                                                                                                                      • Instruction Fuzzy Hash: AF118471D00104BEEB10AFA5DE89EAEBA74AB44754F11803BF504F71D1D7F48D409B29
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 915 402032-40203e 916 402044-40205a call 402c41 * 2 915->916 917 4020fd-4020ff 915->917 927 40206a-402079 LoadLibraryExW 916->927 928 40205c-402068 GetModuleHandleW 916->928 918 40224b-402250 call 401423 917->918 925 402ac5-402ad4 918->925 926 40288b-402892 918->926 926->925 930 40207b-40208a call 406703 927->930 931 4020f6-4020f8 927->931 928->927 928->930 935 4020c5-4020ca call 405322 930->935 936 40208c-402092 930->936 931->918 940 4020cf-4020d2 935->940 938 402094-4020a0 call 401423 936->938 939 4020ab-4020c3 KiUserCallbackDispatcher 936->939 938->940 948 4020a2-4020a9 938->948 939->940 940->925 942 4020d8-4020e2 call 40394a 940->942 942->925 947 4020e8-4020f1 FreeLibrary 942->947 947->925 948->940
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040205D
                                                                                                                                                                                      • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00002000,?,0041E630,0040A000,?,?,?,00000008,00000001,000000F0), ref: 004020BE
                                                                                                                                                                                        • Part of subcall function 00405322: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                        • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                        • Part of subcall function 00405322: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,0040327A), ref: 0040537D
                                                                                                                                                                                        • Part of subcall function 00405322: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\), ref: 0040538F
                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                      • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2053376524.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.2053376524.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.2053376524.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.2053376524.000000000055F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.2054001699.000000000062B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Librarylstrlen$CallbackDispatcherFreeHandleLoadModuleTextUserWindowlstrcat
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 719239633-0
                                                                                                                                                                                      • Opcode ID: 733c30ef688fd7cf93f443484f6eeb8b2f394f7d844699520a9e08b098a17dcc
                                                                                                                                                                                      • Instruction ID: 3abd81b96889d1c7eb1cceed2e7b5e281284f1a6e6a9a5ff44b88a827c8e1d1c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 733c30ef688fd7cf93f443484f6eeb8b2f394f7d844699520a9e08b098a17dcc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8821B071D00205AACF20AFA5CE48A9E7A70BF04358F60413BF511B11E0DBBD8981DA6E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00405848
                                                                                                                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040585D
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00405867
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3449924974-0
                                                                                                                                                                                      • Opcode ID: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                      • Instruction ID: d156970015101e62572267df52bf1fb018b172c5ebb67f048bc3511340661aba
                                                                                                                                                                                      • Opcode Fuzzy Hash: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                      • Instruction Fuzzy Hash: EB010872D00219EADF009FA1C944BEFBBB8EF14304F00803AE945B6280D7789618CFA9
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405C48
                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                      • lstrlenW.KERNEL32(00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405CF0
                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(00464250,00464250,00464250,00464250,00464250,00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00405D00
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                      • String ID: PBF
                                                                                                                                                                                      • API String ID: 3248276644-3456974464
                                                                                                                                                                                      • Opcode ID: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                      • Instruction ID: 4e01e145a0ed536ad24acc563e8a85444835dd946e40d448b56664b374cc0476
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 21F0F43500DF6125F626333A1C45AAF2555CE82328B6A057FFC62B12D2DA3C89539D7E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00405DFD
                                                                                                                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,004CB000,0040338D,004DB000,004DF000,004DF000,004DF000,004DF000,004DF000,74DF3420,004035D9), ref: 00405E18
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CountFileNameTempTick
                                                                                                                                                                                      • String ID: nsa
                                                                                                                                                                                      • API String ID: 1716503409-2209301699
                                                                                                                                                                                      • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                      • Instruction ID: af8b6ba947558e1b0daa3aed001b6e0f80e178ffca66ecedc63f3e0829e9a41e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 61F03076A00304FBEB009F69ED05E9FB7BCEB95710F10803AE941E7250E6B09A548B64
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GlobalFree.KERNELBASE(009C8510), ref: 00401BE7
                                                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Global$AllocFree
                                                                                                                                                                                      • String ID: Call
                                                                                                                                                                                      • API String ID: 3394109436-1824292864
                                                                                                                                                                                      • Opcode ID: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                      • Instruction ID: 2ffc4b8e8b305263ff1bfe934f744a2e7f0909984677ca7ca3d2d917788d1148
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                      • Instruction Fuzzy Hash: 52210A76600100ABCB10FF95CE8499E73A8EB48318BA4443FF506F32D0DB78A852DB6D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 004065FD: FindFirstFileW.KERNELBASE(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00406608
                                                                                                                                                                                        • Part of subcall function 004065FD: FindClose.KERNEL32(00000000), ref: 00406614
                                                                                                                                                                                      • lstrlenW.KERNEL32 ref: 00402299
                                                                                                                                                                                      • lstrlenW.KERNEL32(00000000), ref: 004022A4
                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022CD
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1486964399-0
                                                                                                                                                                                      • Opcode ID: 062f35bd25ec594713e9bacb5e8e7d42a2d599ab1320245f6c1f49b86b73afc7
                                                                                                                                                                                      • Instruction ID: edc96df04b91ed766a503f65766f364d086ea8d205cfe5bb15309c141496b913
                                                                                                                                                                                      • Opcode Fuzzy Hash: 062f35bd25ec594713e9bacb5e8e7d42a2d599ab1320245f6c1f49b86b73afc7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 57117071900318A6DB10EFF98E4999EB7B8AF04344F50443FB805F72D1D6B8C4419B59
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00405D8B: GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                        • Part of subcall function 00405D8B: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                      • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405B66), ref: 0040599F
                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,?,00000000,00405B66), ref: 004059A7
                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 004059BF
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1655745494-0
                                                                                                                                                                                      • Opcode ID: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                      • Instruction ID: 825022a906987a8d14f11fb4079f6fb6242afe5a54bc5f1377d2c32e3c215ab4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                      • Instruction Fuzzy Hash: D1E0E5B1119F5096D21067349A0CB5B2AA4DF86334F05093AF891F11C0DB3844068EBE
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(00000408,?,00000000,00403E66), ref: 00404228
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID: x
                                                                                                                                                                                      • API String ID: 3850602802-2363233923
                                                                                                                                                                                      • Opcode ID: e82a7d21fa03904461fa10532b6b329160c9b8c64979419cd390d17c652ef76f
                                                                                                                                                                                      • Instruction ID: 82fd7f65e594eab6243e90e7db6230d4dc4ac3147aa4acdd77266932ee49a333
                                                                                                                                                                                      • Opcode Fuzzy Hash: e82a7d21fa03904461fa10532b6b329160c9b8c64979419cd390d17c652ef76f
                                                                                                                                                                                      • Instruction Fuzzy Hash: AEC01272284200BADB108B90DF00F1A7A30E7E0702F20C03DF388200B086B108A1DB0D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405C48
                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                        • Part of subcall function 004057F1: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,004D3000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1892508949-0
                                                                                                                                                                                      • Opcode ID: ee54970bfc7e3ee71f24920e54696bd448e0422c5998a1c0ff03b14504c5deaa
                                                                                                                                                                                      • Instruction ID: 536d45c59d08a7b21130d9dbd5b0e10796a041e4a40079992e14d28e29d42f71
                                                                                                                                                                                      • Opcode Fuzzy Hash: ee54970bfc7e3ee71f24920e54696bd448e0422c5998a1c0ff03b14504c5deaa
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2211E231504505EBCF30AFA1CD0159F36A0EF14369B28493BFA45B22F1DB3E8A919B5E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsv30A.tmp,00000000,?,00000000,00000002,00000011,00000002), ref: 00402557
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3356406503-0
                                                                                                                                                                                      • Opcode ID: 403208d832c142c4943c3862644a2096e2da2602c55317de10467c08740d708e
                                                                                                                                                                                      • Instruction ID: 1206e07bb255176646816810ef0290bee69920d7ecde6c9ccbb84b14c6b4306b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 403208d832c142c4943c3862644a2096e2da2602c55317de10467c08740d708e
                                                                                                                                                                                      • Instruction Fuzzy Hash: E311A771D10205EBDF14DFA4CA585AE77B4EF44348B20843FE505B72C0D6B89A41EB5E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                      • Opcode ID: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                      • Instruction ID: ea42f58d7670a619ed9131e80823b54190387dbc53765a55c310ef4228f9fff3
                                                                                                                                                                                      • Opcode Fuzzy Hash: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                      • Instruction Fuzzy Hash: AF0128316202109BE7095B789E04B2A3798E710315F10463FF855F62F1D6B8CC829B5C
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 00405405
                                                                                                                                                                                        • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                      • OleUninitialize.OLE32(00000404,00000000), ref: 00405451
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2896919175-0
                                                                                                                                                                                      • Opcode ID: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                      • Instruction ID: 7813e2a1ccdf537c56c01956b79198a0443dbd649336f33e6835a7e221d2fb99
                                                                                                                                                                                      • Opcode Fuzzy Hash: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                      • Instruction Fuzzy Hash: ABF090B25406009BE7015B549D01BAB7760EFD431AF05443EFF89B22E0D77948928E6E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                                                                                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$EnableShow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1136574915-0
                                                                                                                                                                                      • Opcode ID: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                      • Instruction ID: fc8c1c2e7d4a5a8f9e35cd12a8e681b154a8316ed36a6d041aa31def844ca7e2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                      • Instruction Fuzzy Hash: 61E01A72E082008FE724ABA5AA495AD77B4EB90365B20847FE211F11D1DA7858819F6A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                        • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                        • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                        • Part of subcall function 00406624: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2547128583-0
                                                                                                                                                                                      • Opcode ID: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                      • Instruction ID: 155b38c425e345f43688a0673e138072f65e923c2ca09dacbbabb210d44f0fbf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                      • Instruction Fuzzy Hash: 50E0863250461156D31197709E4487762EC9B95750307483EF946F2091DB399C36A66D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,0000000B,?), ref: 00402AAF
                                                                                                                                                                                      • InvalidateRect.USER32(?), ref: 00402ABF
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InvalidateMessageRectSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 909852535-0
                                                                                                                                                                                      • Opcode ID: 76c703c510b2b1cdda6c0307f26d758fcb9d339464c4a1492175234b68bd5591
                                                                                                                                                                                      • Instruction ID: 3459e5e6f66cf7648d07927a76ddb317f2732314ad0b2276323b067b84cb0e35
                                                                                                                                                                                      • Opcode Fuzzy Hash: 76c703c510b2b1cdda6c0307f26d758fcb9d339464c4a1492175234b68bd5591
                                                                                                                                                                                      • Instruction Fuzzy Hash: E6E08CB2B10104BFDB00CBD4EEC89AE7BB9EB80355F20007AF101B00A0E7700C90DA38
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FreeLibrary.KERNELBASE(?,004DF000,00000000,74DF3420,004038ED,00403703,00000006,?,00000006,00000008,0000000A), ref: 0040392F
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00403936
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Free$GlobalLibrary
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1100898210-0
                                                                                                                                                                                      • Opcode ID: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                      • Instruction ID: 228f896298dd83b048f64e6024dd5859bf02c68f9830d759f3998b57695c5827
                                                                                                                                                                                      • Opcode Fuzzy Hash: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                      • Instruction Fuzzy Hash: 12E0C2334122205BC6215F04ED08B5A776CAF49B32F15407AFA807B2A087B81C928FC8
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 415043291-0
                                                                                                                                                                                      • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                      • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                                                                                                                                      • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                      • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                      • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                      • Instruction ID: fe430eedc911e7c92ce83e5abbc00e08444bb0e311ec0623c818608bfa408f6d
                                                                                                                                                                                      • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BD0C972504420ABD2512728AF0C89BBB95DB542717028B39FAA9A22B0CB304C568A98
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00403382,004DF000,004DF000,004DF000,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 00405874
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405882
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1375471231-0
                                                                                                                                                                                      • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                      • Instruction ID: b5712d1dc6f90c91938fb9970759bfac189bcafefc635788875416fd9ee2894b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FC04C712155019ED7546F619F08B277A50EB60781F158839A946E10E0DB348465ED2D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040617E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                      • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                      • Instruction ID: dcb86bc894ab99bc20e37dc8a6176b737b641c0fdee4176656c7f25b47436c56
                                                                                                                                                                                      • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                      • Instruction Fuzzy Hash: 75E0E6B2110109BEEF195F50DD0AD7B375DE704304F01452EFA06D4091E6B5AD315634
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032FA,000000FF,00428200,?,00428200,?,?,00000004,00000000), ref: 00405E76
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                                                      • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                      • Instruction ID: 8754e0b6f25d564075f0081c534dd79b85a2df0f0bc88b3642164a4a3ec1e455
                                                                                                                                                                                      • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                      • Instruction Fuzzy Hash: FDE0B63221065AAFDF109F95DC00AAB7B6CEB052A0F044437FD59E7150D671EA21DAE4
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403344,00000000,00000000,00403168,?,00000004,00000000,00000000,00000000), ref: 00405E47
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                                      • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                      • Instruction ID: bd732019988057c431ec21c3a2c50b1292625b962aa4d7912315599e48db2a91
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                      • Instruction Fuzzy Hash: A9E08C3220021AABCF20AF54DC00FEB3B6CEB05760F004832FD65E6040E230EA219BE8
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,004061B5,?,00000000,?,?,Delete on reboot: ,?), ref: 0040614B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                      • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                      • Instruction ID: b908bd292ce434c6339c018d18c1e3bfafdd2f7559b63d477f04a141d62eba1a
                                                                                                                                                                                      • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 94D0123214020DFBDF119E909D01FAB775DAB08350F014426FE06A9191D776D530AB14
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MoveFileExW.KERNELBASE(?,?,00000005,00405B7E,?,00000000,000000F1,?,?,?,?,?), ref: 0040608A
                                                                                                                                                                                        • Part of subcall function 00405F06: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                        • Part of subcall function 00405F06: GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                        • Part of subcall function 00405F06: GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                        • Part of subcall function 00405F06: wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                        • Part of subcall function 00405F06: GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                        • Part of subcall function 00405F06: GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                        • Part of subcall function 00405F06: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                        • Part of subcall function 00405F06: SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$NamePathShort$AllocCloseGlobalHandleMovePointerSizelstrcpywsprintf
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1930046112-0
                                                                                                                                                                                      • Opcode ID: a0a4fc277c167b836c478514f4bee1604d33cb824f5458dd384cc09b2e4e5c73
                                                                                                                                                                                      • Instruction ID: 90c27e8b518d79db7b79f3353fecf9451eb8ea8c7f58bc67283902775dd808e1
                                                                                                                                                                                      • Opcode Fuzzy Hash: a0a4fc277c167b836c478514f4bee1604d33cb824f5458dd384cc09b2e4e5c73
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FD0C932148201BEDB165B10ED05A1FBBA1FB90355F11D43EF28DA00B0EB3684B4EF0A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,?,00000000), ref: 0040424B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ItemText
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3367045223-0
                                                                                                                                                                                      • Opcode ID: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                      • Instruction ID: 58c8b0ee816a9f079cb4560b894257bfb9dfa06490f5d5235509ae25e2c95a64
                                                                                                                                                                                      • Opcode Fuzzy Hash: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                      • Instruction Fuzzy Hash: 79C04C76148300BFD681BB55CC42F1FB79DEF94315F44C52EB59CA11E2C63A84309B26
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                      • Opcode ID: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                      • Instruction ID: 539d97cecbd0a6245bb22c05259f77f590d4a0b0d5c0f28d123e3a53dcb21da8
                                                                                                                                                                                      • Opcode Fuzzy Hash: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                      • Instruction Fuzzy Hash: C6C09BB27403007BDE11CB909E49F1777545790740F18447DB348F51E0D6B4D490D61C
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 00403355
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                                                      • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                      • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                                                                                                                                      • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                      • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                      • Opcode ID: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                      • Instruction ID: 80b1fa8ab317a3fb83bf0bb9afc1fcb2ede285a6b5c9b7890d3d6fe7da01b763
                                                                                                                                                                                      • Opcode Fuzzy Hash: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 69B092361C4600AAEE118B50DE49F497A62E7A4702F008138B244640B0CAB200E0DB09
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,0040402A), ref: 0040425D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2492992576-0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CloseHandle.KERNEL32(FFFFFFFF,00403703,00000006,?,00000006,00000008,0000000A), ref: 004038DB
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404CB6
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404CC1
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D0B
                                                                                                                                                                                      • LoadBitmapW.USER32(0000006E), ref: 00404D1E
                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000FC,00405296), ref: 00404D37
                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D4B
                                                                                                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D5D
                                                                                                                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404D73
                                                                                                                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D7F
                                                                                                                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D91
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00404D94
                                                                                                                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404DBF
                                                                                                                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DCB
                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E61
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E8C
                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EA0
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                                                                                                                                                                                      • ShowWindow.USER32(?,00000005), ref: 00404EEE
                                                                                                                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FEB
                                                                                                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405050
                                                                                                                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405065
                                                                                                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405089
                                                                                                                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050A9
                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 004050BE
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 004050CE
                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405147
                                                                                                                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 004051F0
                                                                                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051FF
                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 0040521F
                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 0040526D
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00405278
                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 0040527F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                      • String ID: $M$N
                                                                                                                                                                                      • API String ID: 1638840714-813528018
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                                      • Opcode ID: 263323e5794f7559126a2b66b9cefb3983b41ff587fb3f65759d48402a8cb393
                                                                                                                                                                                      • Instruction ID: 11d43fc069a5ea90b0fea77c2c23c6da8a8dfc92bb9fdb714ff4c9b8b345b962
                                                                                                                                                                                      • Opcode Fuzzy Hash: 263323e5794f7559126a2b66b9cefb3983b41ff587fb3f65759d48402a8cb393
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BF08271A14104EFDB00EBA4DA499ADB378EF04314F6045BBF515F21D1DBB45D909B2A
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                      • Instruction ID: 703def0becceeecb9d8561ea32c53bcab4b84ebc773a8a1d0b412cad538f794c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1EE1797190470ADFDB24CF99C880BAAB7F5FF44305F15852EE497A7291E378AA91CB04
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                      • Instruction ID: 59779062152899835760f0dc2f5c49596223a290c6efd11eddd93cbc7c663e45
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0FC15831E04219DBDF18CF68C8905EEBBB2BF88314F25866AC85677380D734A942CF95
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040448E
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 004044A2
                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044BF
                                                                                                                                                                                      • GetSysColor.USER32(?), ref: 004044D0
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044DE
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044EC
                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 004044F1
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044FE
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404513
                                                                                                                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 0040456C
                                                                                                                                                                                      • SendMessageW.USER32(00000000), ref: 00404573
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 0040459E
                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045E1
                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 004045EF
                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 004045F2
                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040460B
                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 0040460E
                                                                                                                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040463D
                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040464F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                      • String ID: Delete on reboot: $N$gC@
                                                                                                                                                                                      • API String ID: 3103080414-1763248576
                                                                                                                                                                                      • Opcode ID: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                      • Instruction ID: 3402c350d7270d9961c63d8365249516a5ebc70a9ec23ab72cb453283ebd69b0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7761BEB1900209BFDB009F60DD85EAA7B69FB85305F00843AF705B62D0D77D9961CF99
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                      • DrawTextW.USER32(00000000,00472EE0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                      • String ID: F
                                                                                                                                                                                      • API String ID: 941294808-1304234792
                                                                                                                                                                                      • Opcode ID: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                      • Instruction ID: 4eb8147a30471c2b969484520d7d1b1c24976f3a1718a772f7b725b3b94c1b26
                                                                                                                                                                                      • Opcode Fuzzy Hash: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C418A71800249AFCF058FA5DE459AF7BB9FF44314F00842AF991AA1A0C778D954DFA4
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                        • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                        • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                      • wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                      • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0040606E
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406075
                                                                                                                                                                                        • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                        • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                      • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                      • API String ID: 2171350718-461813615
                                                                                                                                                                                      • Opcode ID: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                      • Instruction ID: 1ccef14564d3a4e3590f6d96bf23d62cdd24cd7414a0bd79904b9c13782922cd
                                                                                                                                                                                      • Opcode Fuzzy Hash: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 08312530641B05BBC220AB659D48F6B3AACDF45744F15003FFA42F72C2EB7C98118AAD
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                      • lstrlenW.KERNEL32(0040327A,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                      • lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,0040327A), ref: 0040537D
                                                                                                                                                                                      • SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\), ref: 0040538F
                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                      • String ID: Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\
                                                                                                                                                                                      • API String ID: 2531174081-349552475
                                                                                                                                                                                      • Opcode ID: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                      • Instruction ID: c4a8b4fbc7344707c8dcd13f789004ac01d88f238d1262f53b2d1dabcf784db2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F21A171900518BBCB11AFA5DD849CFBFB9EF45350F10807AF904B62A0C7B94A80DFA8
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 004042B5
                                                                                                                                                                                      • GetSysColor.USER32(00000000), ref: 004042F3
                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 004042FF
                                                                                                                                                                                      • SetBkMode.GDI32(?,?), ref: 0040430B
                                                                                                                                                                                      • GetSysColor.USER32(?), ref: 0040431E
                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 0040432E
                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00404348
                                                                                                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 00404352
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2320649405-0
                                                                                                                                                                                      • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                      • Instruction ID: a3c6a1d12b74a4a342abaca89036a15a37f51972f1e3113ed1cbee018e9c0b42
                                                                                                                                                                                      • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                      • Instruction Fuzzy Hash: 772156716007059BC724DF78D948B5B77F4AF81710B04893DED96A26E0D734E544CB54
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                        • Part of subcall function 00405E91: SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,?,?,0040262F,00000000,00000000,?,00000000,00000011), ref: 00405EA7
                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                      • String ID: 9
                                                                                                                                                                                      • API String ID: 163830602-2366072709
                                                                                                                                                                                      • Opcode ID: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                      • Instruction ID: 75c70889326ed48cf653b65eedce39ba48716a77e36bbd16e72a3e0392bfe49c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C511975D00219AEDF219F95DA88AAEB779FF04304F10443BE901B72D0DBB89982CB58
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C07
                                                                                                                                                                                      • GetMessagePos.USER32 ref: 00404C0F
                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00404C29
                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C3B
                                                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C61
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                                                                                                      • String ID: f
                                                                                                                                                                                      • API String ID: 41195575-1993550816
                                                                                                                                                                                      • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                      • Instruction ID: 457ccdd811883e010b73e4973708530e0d9e00004b69c5e73a61d7a3cd07de8f
                                                                                                                                                                                      • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                      • Instruction Fuzzy Hash: CF015271900218BAEB10DBA4DD85BFEBBBCAF95711F10412BBA50B71D0D7B499018BA4
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                                                                      • CreateFontIndirectW.GDI32(0041E5D0), ref: 00401E3E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                      • String ID: MS Shell Dlg
                                                                                                                                                                                      • API String ID: 3808545654-76309092
                                                                                                                                                                                      • Opcode ID: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                      • Instruction ID: 2f87ef527a079fcd98b3174ff93e15f92fad6858fb92d4176ae60913c966d855
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A01B575604240BFE700ABF1AE0ABDD7FB5AB55309F10887DF641B61E2DA7840458B2D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                                                                      • MulDiv.KERNEL32(052ED161,00000064,052F12F8), ref: 00402E3C
                                                                                                                                                                                      • wsprintfW.USER32 ref: 00402E4C
                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • verifying installer: %d%%, xrefs: 00402E46
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                      • String ID: verifying installer: %d%%
                                                                                                                                                                                      • API String ID: 1451636040-82062127
                                                                                                                                                                                      • Opcode ID: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                      • Instruction ID: dfd142ddc65d39fdaa73b229a9921dc7c235b7e072e3123d651e00bd55f03bcf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 60014F7164020CABEF209F60DE49FAE3B69AB44304F008439FA06B51E0DBB895558B98
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2667972263-0
                                                                                                                                                                                      • Opcode ID: 7de08f69a6207d12ba03748cfc8d3d9abfd7099fa01db4c14e26c626a8340511
                                                                                                                                                                                      • Instruction ID: 85d8fb478e53a7d33050a02afe9876517184a336e4e72b82bbd0c3cba42884f9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7de08f69a6207d12ba03748cfc8d3d9abfd7099fa01db4c14e26c626a8340511
                                                                                                                                                                                      • Instruction Fuzzy Hash: D121AEB1800128BBDF116FA5DE89DDE7E79EF08364F14423AF960762E0CB794C418B98
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • OpenProcess.KERNEL32(00100401,00000000,?,0000025E,?,00004000,?), ref: 03091054
                                                                                                                                                                                      • EnumWindows.USER32(03091007,?), ref: 03091074
                                                                                                                                                                                      • GetExitCodeProcess.KERNEL32(00000000,?), ref: 03091084
                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,00000BB8), ref: 0309109D
                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 030910AE
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 030910C5
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2055025647.0000000003091000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03090000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2055006323.0000000003090000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2055042402.0000000003092000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2055062837.0000000003094000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_3090000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process$CloseCodeEnumExitHandleObjectOpenSingleTerminateWaitWindows
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3465249596-0
                                                                                                                                                                                      • Opcode ID: 04358ae63e24e04cfecd8dd9da840dd1b9533ea84ad85cd752f17b538f1a1951
                                                                                                                                                                                      • Instruction ID: 48ae091873b6c9e83a091b375186e0a83e075820a8d529d868a66a07549d0d0e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 04358ae63e24e04cfecd8dd9da840dd1b9533ea84ad85cd752f17b538f1a1951
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F115A35B0224AFFEF54EF96D988AAE77FCBF84601B06446AF51192101C3B68900DB61
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                      • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                      • CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                      • CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Char$Next$Prev
                                                                                                                                                                                      • String ID: *?|<>/":
                                                                                                                                                                                      • API String ID: 589700163-165019052
                                                                                                                                                                                      • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                      • Instruction ID: 36fae6fd7d65e337959ab81909abbfc549fe516cf0b4c9ff473ab524d2c4c229
                                                                                                                                                                                      • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                      • Instruction Fuzzy Hash: B611B65580061279DB302B14BC40EB762F8EF54764F56403FED86732C8EBBC5C9292AD
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsv30A.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsv30A.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsv30A.tmp$C:\Users\user\AppData\Local\Temp\nsv30A.tmp\System.dll
                                                                                                                                                                                      • API String ID: 3109718747-4220761587
                                                                                                                                                                                      • Opcode ID: b2f4003525800b6e43992f9b135d97d7eb08ff68f5afdbb7a810963f124aa3ca
                                                                                                                                                                                      • Instruction ID: b23dc685b5da5394ac89c8ab13f2cbf985e24fd8d9932a4f5164fd221fdd45c5
                                                                                                                                                                                      • Opcode Fuzzy Hash: b2f4003525800b6e43992f9b135d97d7eb08ff68f5afdbb7a810963f124aa3ca
                                                                                                                                                                                      • Instruction Fuzzy Hash: 76110B72A04201BADB146FF18E89A9F76659F44398F204C3FF102F61D1EAFC89415B5D
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1849352358-0
                                                                                                                                                                                      • Opcode ID: 530df658d6ec3b55b280f53534df286e45b1d410178b7b9918a8c3f801b16ff1
                                                                                                                                                                                      • Instruction ID: d9fd13ec482603559a9c09f77eb5ae76b99fbdc016b4c624d38ebcad95bf5f4c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 530df658d6ec3b55b280f53534df286e45b1d410178b7b9918a8c3f801b16ff1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 28F0FF72A04518AFDB01DBE4DF88CEEB7BCEB48341B14047AF641F61A0CA749D519B78
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                      • wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                      • String ID: %u.%u%s%s
                                                                                                                                                                                      • API String ID: 3540041739-3551169577
                                                                                                                                                                                      • Opcode ID: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                      • Instruction ID: 65d6ef813479b3ccfd969ec0db039784a4d8c6b5967a53089d3579ec78c560c8
                                                                                                                                                                                      • Opcode Fuzzy Hash: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                      • Instruction Fuzzy Hash: 401193736041282ADB00656D9C45F9E369C9B85334F25423BFA65F21D1E979D82582E8
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Close$Enum
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 464197530-0
                                                                                                                                                                                      • Opcode ID: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                      • Instruction ID: fc7ade2e12cd9e993d25f9a328d8db16c9603ee1eb20de8c24b8f84b94a82c23
                                                                                                                                                                                      • Opcode Fuzzy Hash: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                      • Instruction Fuzzy Hash: B4116A32500109FBDF02AB90CE09FEE7B7DAF54340F100076B904B51E1E7B59E21AB68
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                                                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2102729457-0
                                                                                                                                                                                      • Opcode ID: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                      • Instruction ID: 9c0cd9c85579b1f1539786df4f617efd254904ce91a486f6a135d178cfad0ab8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7AF05E30485630EBD6506B20FE0CACB7BA5FB84B41B0149BAF005B11E4D7B85880CBDC
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 004052C5
                                                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 00405316
                                                                                                                                                                                        • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                                                                                                      • Opcode ID: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                      • Instruction ID: 334c9fee3abb3f39d596823d3a3537c7effd0098edc8ca0b3d981ed7cb288a41
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                      • Instruction Fuzzy Hash: F9015A31100709ABEB205F51DD94A9B3B26EB84795F20507AFA007A1D1D7BA9C919E2E
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00004000,00000002,?,00000000,?,?,Delete on reboot: ,?,?,004063FC,80000002), ref: 004061CE
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,Delete on reboot: ,Delete on reboot: ,Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nsv30A.tmp\), ref: 004061D9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                                                      • String ID: Delete on reboot:
                                                                                                                                                                                      • API String ID: 3356406503-2410499825
                                                                                                                                                                                      • Opcode ID: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                      • Instruction ID: 8659262355d6ebf2290daf59b07b2549fc881bd87fa0bb5ea6267207f8cb0b09
                                                                                                                                                                                      • Opcode Fuzzy Hash: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 68017C72500209EADF218F51DD09EDB3BB8EF55364F01403AFE16A61A1D378DA64EBA4
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00468250,Error launching installer), ref: 004058CC
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 004058D9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Error launching installer, xrefs: 004058B6
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                                                                                                      • String ID: Error launching installer
                                                                                                                                                                                      • API String ID: 3712363035-66219284
                                                                                                                                                                                      • Opcode ID: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                      • Instruction ID: 30392a530fa928b09b8412afc6dc4f2cd20664ca8a9f97139eafb5a2ce14b88a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                      • Instruction Fuzzy Hash: 33E09AB5540609BFEB009B64DD05F7B77ACEB04708F508565BD51F2150EB749C148A79
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D3D
                                                                                                                                                                                      • CharNextA.USER32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2052557241.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 190613189-0
                                                                                                                                                                                      • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                      • Instruction ID: cc601e2af81a4130f3690bf6756e9ae730db34a97aa71f580e1783f9e5236296
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DF0F631200818FFC7129FA4DD049AFBBA8EF06354B2580BAE840F7211D634DE02AF98
                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                      Uniqueness Score: -1.00%