Windows Analysis Report
SpacesVoid Setup 1.0.0.exe

Overview

General Information

Sample name:SpacesVoid Setup 1.0.0.exe
Analysis ID:1595360
MD5:5acd28f815ac1f46f41e0e67db46b34d
SHA1:3f217a1e35ba0b6bcbec5cf8d3e983171206d786
SHA256:869b5cdb04e68978ef7d45f99599b970c47d9ace74a84b5d11f62b2a6762f40d

Detection

Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Drops large PE files
Excessive usage of taskkill to terminate processes
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64native
  • SpacesVoid Setup 1.0.0.exe (PID: 2840 cmdline: "C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe" MD5: 5ACD28F815AC1F46F41E0E67DB46B34D)
    • cmd.exe (PID: 7268 cmdline: "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv | "C:\Windows\system32\find.exe" "SpacesVoid.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 1956 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 5920 cmdline: "C:\Windows\system32\find.exe" "SpacesVoid.exe" MD5: 31D06677CD9ACA84EA2E2E8E3BF22D65)
  • SpacesVoid.exe (PID: 6672 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" MD5: F5457AB7A9461A94C949AEF76BB8AAF1)
    • cmd.exe (PID: 6312 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 1968 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • SpacesVoid.exe (PID: 5980 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1684 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: F5457AB7A9461A94C949AEF76BB8AAF1)
    • cmd.exe (PID: 5168 cmdline: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • curl.exe (PID: 8124 cmdline: curl http://api.ipify.org/ --ssl-no-revoke MD5: 1C3645EBDDBE2DA6A32A5F9FB43A3C23)
    • cmd.exe (PID: 7660 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 5760 cmdline: wmic bios get smbiosbiosversion MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 2884 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 7596 cmdline: wmic MemoryChip get /format:list MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
      • find.exe (PID: 7176 cmdline: find /i "Speed" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
    • SpacesVoid.exe (PID: 4764 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2388 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: F5457AB7A9461A94C949AEF76BB8AAF1)
    • cmd.exe (PID: 5280 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 5524 cmdline: wmic path win32_VideoController get name MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 1624 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 6232 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 4216 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 3348 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4460 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 800 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7372 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 8096 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4060 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6584 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2560 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4476 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5060 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4848 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5728 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 920 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6968 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6408 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3132 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7432 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1288 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5944 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1736 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4692 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4196 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6060 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6192 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7556 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2704 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1300 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6816 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7940 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6552 cmdline: C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • where.exe (PID: 3496 cmdline: where /r . cookies.sqlite MD5: 3CF958B0F63FB1D74F7FCFE14B039A58)
    • cmd.exe (PID: 2464 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7128 cmdline: taskkill /F /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • chrome.exe (PID: 2432 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com MD5: BB7C48CDDDE076E7EB44022520F40F77)
      • chrome.exe (PID: 5360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --no-subproc-heap-profiling --field-trial-handle=2264,i,10227422571099067476,57022648399585482,262144 --disable-features=PaintHolding --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2280 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)
    • cmd.exe (PID: 2252 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5336 cmdline: taskkill /F /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3396 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4624 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • msedge.exe (PID: 5676 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
      • msedge.exe (PID: 4984 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,7652606613945732369,12492121745712415275,131072 --disable-features=PaintHolding --lang=en-GB --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1808 /prefetch:3 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
    • cmd.exe (PID: 6220 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5536 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1872 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 4528 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 4116 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 1572 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 1324 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 4780 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6952 cmdline: C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • where.exe (PID: 7460 cmdline: where /r . *.sqlite MD5: 3CF958B0F63FB1D74F7FCFE14B039A58)
    • cmd.exe (PID: 4404 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6864 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6576 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4460 cmdline: taskkill /IM Steam.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5392 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1308 cmdline: taskkill /IM javaw.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4880 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6244 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7244 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 7700 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 2996 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6232 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 5736 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3396 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7252 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8020 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite", CommandLine: C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe, ParentProcessId: 6672, ParentProcessName: SpacesVoid.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite", ProcessId: 6552, ProcessName: cmd.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, CommandLine|base64offset|contains: +{Zz", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe, ParentProcessId: 6672, ParentProcessName: SpacesVoid.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, ProcessId: 2432, ProcessName: chrome.exe
Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, CommandLine|base64offset|contains: +{Zz", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe, ParentProcessId: 6672, ParentProcessName: SpacesVoid.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com, ProcessId: 2432, ProcessName: chrome.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe, ParentProcessId: 6672, ParentProcessName: SpacesVoid.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", ProcessId: 5168, ProcessName: cmd.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1624, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, ProcessId: 6232, ProcessName: powershell.exe
No Suricata rule has matched

Source: SpacesVoid Setup 1.0.0.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e1611148-5250-504b-8870-9793aa65c9f1
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: SpacesVoid Setup 1.0.0.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17522199657.0000000005A10000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17522845113.0000000005BD0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\locales
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\dist
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources
Source: chrome.exe Memory has grown: Private usage: 6MB later: 27MB
Source: Joe Sandbox View IP Address: 162.159.61.3
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View IP Address: 104.26.13.205
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 239.255.255.250
Source: global traffic; HTTP traffic detected: GET / HTTP/1.1 Host: api.ipify.org User-Agent: curl/7.55.1 Accept: */*
Source: global traffic; DNS traffic detected: DNS query: api.ipify.org
Source: global traffic; DNS traffic detected: DNS query: mail.google.com
Source: global traffic; DNS traffic detected: DNS query: api.gofile.io
Source: global traffic; DNS traffic detected: DNS query: file.io
Source: global traffic; DNS traffic detected: DNS query: apileet.hexonst34l3r.com
Source: global traffic; DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic; TCP traffic: 192.168.11.20:65020 -> 239.255.255.250:1900
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pages.citebite.com/v2o5n8l2f5reb))
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org/)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://source.android.com/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://source.android.com/compatibility)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/a/62888/10333
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/37519828
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sub.example
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sub.example:1337
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sub.example:80
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tootallnate.net)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://unexpected.proxy
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://valgrind.org
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://webkit.org/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://website-archive.mozilla.org/www.mozilla.org/mpl/MPL/NPL/1.1/):
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.chromium.org
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.exodus.io)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.futurealoof.com)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/MPL/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/NPL/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/bsd-license.php
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.ploscompbiol.org/static/license
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.strongtalk.org/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.webrtc.org
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://x.prefexample
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://android.googlesource.com/platform/external/puffin
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://android.googlesource.com/platform/external/setupdesign/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4674
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4849
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5140
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5536
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7405
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/8308
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/8315
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/8319
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17428499057.0000000002D70000.00000004.00001000.00020000.00000000.sdmp, resources.pak.0.drString found in binary or memory: https://chromewebstore.google.com/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://coveralls.io/github/JoshGlazebrook/smart-buffer?branch=master)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://coveralls.io/repos/github/JoshGlazebrook/smart-buffer/badge.svg?branch=master)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1042393
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1046462
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1060012
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1091824
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1137851
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17428499057.0000000002D70000.00000004.00001000.00020000.00000000.sdmp, resources.pak.0.drString found in binary or memory: https://crbug.com/1201800
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1300575
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1356053
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/593024
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/650547
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/655534
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/705865
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/710443
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/811661
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/848952
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.apple.com/download/more/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify#The_
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/includes
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/android/guides/setup
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.developer.apple.com/Developer_Tools/Command_Line_Tools_for_Xcode_11.5/Command_Line_
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://eslint.org/docs/rules/no-buffer-constructor)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://feross.org
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://feross.org/opensource
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://feross.org/support
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ChALkeR
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ChALkeR/safer-buffer.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/smart-buffer.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/smart-buffer/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/socks#api-reference)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/socks.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/socks/
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Maratyszcza/pthreadpool
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/MeriemKhelifi)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/RABEHAJA-STEVENS)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Rob--W/proxy-from-env#readme
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Rob--W/proxy-from-env.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/RyanZim/universalify#readme
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/RyanZim/universalify.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/STRML/async-limiter
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/tree/trunk
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/node-socks-proxy-agent#readme
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/util-deprecate
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17430220486.0000000005CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/aawc/unrar.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alexei)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alexei/sprintf.js.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alograg)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/andrasq)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/andrewrk/node-mv/blob/master/package.json
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/arose)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/beck)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/bitinn/node-fetch
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer).
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/daurnimator)
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/rc.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/varstruct
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/varstruct.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/seco-file#readme
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/seco-file.git
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/secure-container#readme
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/secure-container.git
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: cmd.exeProcess created: 78

System Summary

Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile dump: SpacesVoid.exe.0.dr 172675584
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile dump: SpacesVoid.exe0.0.dr 172675584
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeProcess token adjusted: Security
Source: libEGL.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: SpacesVoid.exe.0.drStatic PE information: Number of sections : 15 > 10
Source: vk_swiftshader.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.0.drStatic PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: SpacesVoid.exe0.0.drStatic PE information: Number of sections : 15 > 10
Source: libEGL.dll0.0.drStatic PE information: Number of sections : 11 > 10
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dllb! vs SpacesVoid Setup 1.0.0.exe
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17436390859.0000000005D76000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs SpacesVoid Setup 1.0.0.exe
Source: SpacesVoid Setup 1.0.0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: // did the user specify their own .sln file?
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: * On Windows, find the first build/*.sln file.
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: glob('build/*.sln', function (err, files) {
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: return path.extname(arg) === '.sln'
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: print('Usage: %s "c:\\path\\to\\project.sln"' % sys.argv[0])
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17429399613.00000000057D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: return callback(new Error('Could not find *.sln file. Did you run "configure"?'))
Source: classification engineClassification label: mal84.troj.spyw.evad.winEXE@223/154@8/8
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeMutant created: \Sessions\1\BaseNamedObjects\e1611148-5250-504b-8870-9793aa65c9f1
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsaAB5A.tmp
Source: SpacesVoid Setup 1.0.0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SPACESVOID.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "javaw.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile read: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe
Source: unknownProcess created: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe "C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe"
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv | "C:\Windows\system32\find.exe" "SpacesVoid.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "SpacesVoid.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1684 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2388 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\where.exe where /r . cookies.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --no-subproc-heap-profiling --field-trial-handle=2264,i,10227422571099067476,57022648399585482,262144 --disable-features=PaintHolding --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2280 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,7652606613945732369,12492121745712415275,131072 --disable-features=PaintHolding --lang=en-GB --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1808 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\where.exe where /r . *.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv | "C:\Windows\system32\find.exe" "SpacesVoid.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "SpacesVoid.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1684 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2388 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: edgegdi.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: oleacc.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: riched20.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: usp10.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: ntshrui.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: linkinfo.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: cscapi.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: sxs.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\find.exeSection loaded: ulib.dllJump to behavior
Source: C:\Windows\SysWOW64\find.exeSection loaded: fsutilext.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: edgegdi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dxcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\curl.exeSection loaded: secur32.dll
Source: C:\Windows\System32\curl.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\curl.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\curl.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\where.exe Section loaded: version.dll
Source: C:\Windows\System32\where.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e1611148-5250-504b-8870-9793aa65c9f1
Source: SpacesVoid Setup 1.0.0.exe Static file information: File size 80211395 > 1048576
Source: SpacesVoid Setup 1.0.0.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17522199657.0000000005A10000.00000004.00001000.00020000.00000000.sdmp, SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17522845113.0000000005BD0000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: ffmpeg.dll.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr Static PE information: section name: .retplne
Source: libEGL.dll.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr Static PE information: section name: _RDATA
Source: SpacesVoid.exe.0.dr Static PE information: section name: .00cfg
Source: SpacesVoid.exe.0.dr Static PE information: section name: .gxfg
Source: SpacesVoid.exe.0.dr Static PE information: section name: .retplne
Source: SpacesVoid.exe.0.dr Static PE information: section name: .rodata
Source: SpacesVoid.exe.0.dr Static PE information: section name: CPADinfo
Source: SpacesVoid.exe.0.dr Static PE information: section name: LZMADEC
Source: SpacesVoid.exe.0.dr Static PE information: section name: _RDATA
Source: SpacesVoid.exe.0.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll0.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll0.0.dr Static PE information: section name: .retplne
Source: libEGL.dll0.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll0.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll0.0.dr Static PE information: section name: _RDATA
Source: SpacesVoid.exe0.0.dr Static PE information: section name: .00cfg
Source: SpacesVoid.exe0.0.dr Static PE information: section name: .gxfg
Source: SpacesVoid.exe0.0.dr Static PE information: section name: .retplne
Source: SpacesVoid.exe0.0.dr Static PE information: section name: .rodata
Source: SpacesVoid.exe0.0.dr Static PE information: section name: CPADinfo
Source: SpacesVoid.exe0.0.dr Static PE information: section name: LZMADEC
Source: SpacesVoid.exe0.0.dr Static PE information: section name: _RDATA
Source: SpacesVoid.exe0.0.dr Static PE information: section name: malloc_h
Source: node.napi.node.0.dr Static PE information: section name: _RDATA
Source: node_sqlite3.node.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\System.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\SpacesVoid.exe
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\nsExec.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpacesVoid.lnk
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9916
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\System.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\nsExec.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\elevate.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7464Thread sleep count: 9916 > 30
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010409
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\locales
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked\node_modules\ilovingcats\dist
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsbABF8.tmp\7z-out\resources
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (!isMesa && IsMaliT8xxOrOlder(functions)) || (!isMesa && IsMaliG31OrOlder(functions))
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
Source: SpacesVoid Setup 1.0.0.exe, 00000000.00000003.17440802496.0000000006B10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest
Source: curl.exe, 0000000E.00000003.17695837605.000002486A6B1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll??-oP
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeProcess information queried: ProcessInformation
Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\Desktop\SpacesVoid Setup 1.0.0.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv | "C:\Windows\system32\find.exe" "SpacesVoid.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SpacesVoid.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "SpacesVoid.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1684 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2388 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM chrome.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /F /IM msedge.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . *.sqlite"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\where.exe where /r . cookies.sqlite
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\where.exe where /r . *.sqlite
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "c:\users\user\appdata\local\programs\unrealgame\spacesvoid.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1684 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe "c:\users\user\appdata\local\programs\unrealgame\spacesvoid.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2388 --field-trial-handle=1716,i,4433599270705171357,11095774082873419017,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "c:/program files/google/chrome/application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=c:\users\user\appdata\local\google\chrome\user data" --profile-directory=default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "c:/program files (x86)/microsoft/edge/application/msedge.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=c:\users\user\appdata\local\microsoft\edge\user data" --profile-directory=default --window-position=-32000,-32000 --headless https://mail.google.com
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\ilovingcats\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\ilovingcats\dist\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\Chrome-Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\Edge-Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\user-cookies-fixed.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\content-prefs.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\favicons.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\permissions.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\protections.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\webappsstore.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\default\moz-extension+++5e736be9-c24e-4afd-9b82-80cfe7b06e1d^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\Downloads VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-SW69Fp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-SW69Fp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-SW69Fp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0196354653 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0518291756 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0615447233 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0653671941 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0666563528 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1141274626 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1169381505 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1237160943 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1244065654 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1287572840 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7216804956 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7245361316 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7606393495 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7676687441 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\8182259827 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\8416181845 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\8492240360 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\8552718761 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9281004682 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9329238007 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9369051781 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9659692161 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9801086636 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\9925478147 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrocef_low VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_sbx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\B018D45B-96A4-4B60-BED4-BC78D47B50F2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\B018D45B-96A4-4B60-BED4-BC78D47B50F2\en-US VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\chrome.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Importer_6_Default_4 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Importer_6_Default_4\LogFiles VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\solwh405tw7n\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Users\user\AppData\Local\Temp\solwh405tw7n\Cookies\Chrome.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\permissions.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\content-prefs.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\protections.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\favicons.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\default\moz-extension+++5e736be9-c24e-4afd-9b82-80cfe7b06e1d^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\webappsstore.sqlite

Remote Access Functionality

Source: C:\Users\user\AppData\Local\Programs\unrealgame\SpacesVoid.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --restore-last-session --remote-debugging-port=9184 --remote-allow-origins=* "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --window-position=-32000,-32000 --headless https://mail.google.com

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 211 Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 11 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 11 Disable or Modify Tools | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 11 Virtualization/Sandbox Evasion | Security Account Manager | 1 Network Service Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 11 Process Injection | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Extra Window Memory Injection | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 34 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

Behavior Graph
ID: 1595360
Sample: SpacesVoid Setup 1.0.0.exe
Startdate: 20/01/2025
Architecture: WINDOWS
Score: 84

Sample (top level)
  • DNS/IP: file.io; apileet.hexonst34l3r.com; 2 other IPs or domains
  • Signature: Sigma detected: Invoke-Obfuscation CLIP+ Launcher
  • Signature: Drops large PE files
  • Signature: Sigma detected: Invoke-Obfuscation VAR+ Launcher
  • Signature: Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
  • Started: SpacesVoid.exe 18
  • Started: SpacesVoid Setup 1.0.0.exe 12 337

SpacesVoid.exe
  • DNS/IP: api.gofile.io 94.139.32.3, 443, 49771, 49778 ENIX-ASFR Belgium
  • DNS/IP: file.io 104.21.66.52, 443, 49772, 49779 CLOUDFLARENETUS United States
  • DNS/IP: 2 other IPs or domains
  • Dropped: C:\Users\user\AppData\Local\...\passwords.db, SQLite
  • Signature: Attempt to bypass Chrome Application-Bound Encryption
  • Signature: Tries to harvest and steal browser information (history, passwords, etc)
  • Started: cmd.exe, which started WMIC.exe and conhost.exe
  • Started: cmd.exe (Signature: Suspicious powershell command line found), which started 2 other processes
  • Started: cmd.exe, which started 2 other processes
  • Started: 39 other processes

SpacesVoid Setup 1.0.0.exe
  • Dropped: C:\Users\user\AppData\...\SpacesVoid.exe, PE32+
  • Dropped: C:\Users\user\AppData\...\clang-format.js, a
  • Dropped: C:\Users\user\AppData\Local\...\nsis7z.dll, PE32
  • Dropped: 20 other files (none is malicious)
  • Started: cmd.exe 1, which started conhost.exe and 2 other processes

39 other processes (started by SpacesVoid.exe)
  • DNS/IP: chrome.cloudflare-dns.com 162.159.61.3, 443, 49774, 49775 CLOUDFLARENETUS United States
  • DNS/IP: 239.255.255.250, 1900 unknown Reserved
  • Signature: Excessive usage of taskkill to terminate processes
  • Started: chrome.exe
  • Started: curl.exe
  • Started: 71 other processes

WMIC.exe
  • Signature: Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
  • Signature: Queries memory information (via WMI often done to detect virtual machines)

chrome.exe
  • DNS/IP: mail.google.com 64.233.180.19, 443, 49766, 49767 GOOGLEUS United States

curl.exe
  • DNS/IP: api.ipify.org 104.26.13.205, 49761, 80 CLOUDFLARENETUS United States
