Edit tour

Windows Analysis Report
kf-dcp-download-setup.exe

Overview

General Information

Sample name:	kf-dcp-download-setup.exe
Analysis ID:	1602819
MD5:	faa17329144490edb32d57667746d06a
SHA1:	8bc926a48941f03c23c89850c1212abf5713a212
SHA256:	b3318096963f83d430b2f398b2a83ab733be2956578d045b8bb9025fd6340143
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Drops large PE files

Joe Sandbox ML detected suspicious sample

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality for execution timing, often used to detect debuggers

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Process Proxy Execution Via Squirrel.EXE

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

kf-dcp-download-setup.exe (PID: 2508 cmdline: "C:\Users\user\Desktop\kf-dcp-download-setup.exe" MD5: FAA17329144490EDB32D57667746D06A)

kf-dcp-download-setup.exe (PID: 3468 cmdline: "C:\Users\user\Desktop\kf-dcp-download-setup.exe" --rerunningWithoutUAC MD5: FAA17329144490EDB32D57667746D06A)

Update.exe (PID: 1708 cmdline: "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC MD5: A560BAD9E373EA5223792D60BEDE2B13)

squirrel.exe (PID: 1988 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe MD5: 04E9A279511D34D48371D4622EC398E2)

kf-dcp-download.exe (PID: 6204 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --squirrel-install 1.3.0 MD5: 69F430C56048EB16C4B48C36FAAF5F56)

Update.exe (PID: 5188 cmdline: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe --createShortcut=kf-dcp-download.exe MD5: A560BAD9E373EA5223792D60BEDE2B13)

kf-dcp-download.exe (PID: 2884 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1752 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 69F430C56048EB16C4B48C36FAAF5F56)

explorer.exe (PID: 4056 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

kf-dcp-download.exe (PID: 6752 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --mojo-platform-channel-handle=1984 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 69F430C56048EB16C4B48C36FAAF5F56)

kf-dcp-download.exe (PID: 3640 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491015471 --launch-time-ticks=5222037415 --mojo-platform-channel-handle=1992 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1 MD5: 69F430C56048EB16C4B48C36FAAF5F56)

kf-dcp-download.exe (PID: 5176 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --squirrel-firstrun MD5: 69F430C56048EB16C4B48C36FAAF5F56)

kf-dcp-download.exe (PID: 1280 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1644 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 69F430C56048EB16C4B48C36FAAF5F56)

kf-dcp-download.exe (PID: 4268 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --mojo-platform-channel-handle=3032 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 69F430C56048EB16C4B48C36FAAF5F56)

kf-dcp-download.exe (PID: 4456 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491017396 --launch-time-ticks=5227685027 --mojo-platform-channel-handle=3124 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1 MD5: 69F430C56048EB16C4B48C36FAAF5F56)

kf-dcp-download.exe (PID: 7936 cmdline: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2512 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 69F430C56048EB16C4B48C36FAAF5F56)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Update.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
3.0.Update.exe.10000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Sigma Signatures

System Summary

Sigma detected: Process Proxy Execution Via Squirrel.EXE

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems), Karneades / Markus Neis, Jonhnathan Ribeiro, oscd.community: Data: Command: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe --createShortcut=kf-dcp-download.exe, CommandLine: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe --createShortcut=kf-dcp-download.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe, NewProcessName: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe, OriginalFileName: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe, ParentCommandLine: "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --squirrel-install 1.3.0, ParentImage: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe, ParentProcessId: 6204, ParentProcessName: kf-dcp-download.exe, ProcessCommandLine: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe --createShortcut=kf-dcp-download.exe, ProcessId: 5188, ProcessName: Update.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 92.1% probability

Source: kf-dcp-download-setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kf_dcp_download

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\main\index.js.LICENSE.txt			Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\renderer\main_window\index.js.LICENSE.txt			Jump to behavior

Source: unknown

HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.7:49711 version: TLS 1.2

Source: kf-dcp-download-setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: netstandard.pdb.mdb source: Update.exe
Source:	Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: kf-dcp-download-setup.exe
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: vulkan-1.dll.3.dr

Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData\Local\kf_dcp_download	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources	Jump to behavior

Networking

Yara detected Generic Downloader

Source: Yara match	File source: Update.exe, type: SAMPLE
Source: Yara match	File source: 3.0.Update.exe.10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe, type: DROPPED

Source: global traffic

HTTP traffic detected: GET /electron/electron/main/shell/browser/resources/win/electron.ico HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View	IP Address: 185.199.108.133 185.199.108.133
Source: Joe Sandbox View	IP Address: 185.199.108.133 185.199.108.133
Source: Joe Sandbox View	IP Address: 172.64.41.3 172.64.41.3

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /electron/electron/main/shell/browser/resources/win/electron.ico HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F83000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1726162870.0000000007306000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F83000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1726162870.0000000007306000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F83000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1726162870.0000000007306000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/_rels/.rels
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000008.00000002.1731219768.000000000357D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/kf_dcp_download.nuspec
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/chrome_100_percent.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/chrome_200_percent.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/d3dcompiler_47.dll
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/ffmpeg.dll
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/icudtl.dat
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/kf-dcp-download.exe
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/kf-dcp-download_ExecutionStub.exe
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/libEGL.dll
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/libGLESv2.dll
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/af.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/am.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ar.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/bg.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/bn.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ca.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/cs.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/da.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/de.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/el.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/en-GB.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/en-US.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/es-419.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/es.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/et.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fa.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fi.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fil.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fr.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/gu.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/he.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/hi.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/hr.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/hu.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/id.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/it.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ja.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/kn.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ko.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/lt.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/lv.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ml.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/mr.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ms.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/nb.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/nl.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/pl.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/pt-BR.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/pt-PT.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ro.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ru.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sk.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sl.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sr.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sv.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sw.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ta.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/te.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/th.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/tr.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/uk.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ur.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/vi.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/zh-CN.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/zh-TW.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/main/index.js
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/main/index.js.LICENSE.txt
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/main/index.js.map
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/all.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/bulma-list.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/bulma-rtl.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/bulma-rtl.css.map
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/bulma-rtl.min.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/bulma.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/bulma.css.map
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/bulma.min.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/bulma.min.css0yj
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/css/download.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/bg.gif
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/dmg_bg.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/drag.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/folder.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/header.jpg
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/icon.icns
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/icon.ico
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/icon.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/kinofreund-logo-606x100
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/img/list.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/webfonts/fa-brands-400.ttf
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/webfonts/fa-brands-400.woff
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/webfonts/fa-regular-400.ttf
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/webfonts/fa-regular-400.wof
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/webfonts/fa-solid-900.ttf
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/webfonts/fa-solid-900.woff2
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/assets/webfonts/fa-v4compatibility
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/css/all.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/css/bulma-list.
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/css/bulma-rtl.c
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/css/bulma-rtl.m
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/css/bulma.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/css/bulma.css.m
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/css/bulma.min.c
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/css/download.cs
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/bg.gif
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/bg.gif0yj
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/dmg_bg.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/drag.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/folder.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/header.jpg
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/icon.icns
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/icon.ico
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/icon.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/kinofreund-
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/img/list.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/webfonts/fa-bra
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/webfonts/fa-reg
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/webfonts/fa-sol
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/assets/webfonts/fa-v4c
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/index.html
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/index.js
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/index.js.LICENSE.txt
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/index.js.LICENSE.txt0y
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/.webpack/renderer/main_window/index.js.map
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/_._
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/package.json
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/snapshot_blob.bin
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/squirrel.exe
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/v8_context_snapshot.bin
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/vk_swiftshader.dll
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/vk_swiftshader_icd.json
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/vulkan-1.dll
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000008.00000002.1731219768.000000000357D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/package/services/metadata/core-properties/c2725d7decc34acd91bc8cc631ba682c.p
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample._
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.bin
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.bsdiff
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.css
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.dat
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.diff
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.dll
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.exe
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.gif
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.html
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.icns
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.ico
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.jpg
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.js
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.json
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.map
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.nuspec
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.pak
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.png
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.psmdcp
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.psmdcp0yj
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.rels
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.shasum
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.ttf
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.txt
Source: Update.exe, 00000008.00000002.1731219768.00000000034EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.woff2
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F83000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1726162870.0000000007306000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: explorer.exe, 0000000A.00000000.1731582129.0000000008810000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.1731622077.0000000008820000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.1730457602.0000000007C70000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: Update.exe, 00000008.00000002.1731219768.000000000357D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.openxmlformats.or
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071B2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.foreca.com
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F83000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 0000000A.00000000.1732375976.000000000913F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: Update.exe	String found in binary or memory: https://api.github.com/#
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F09000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=DD4083B70FE54739AB05D6BBA3484042&timeOut=5000&oc
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
Source: 572428fc-87ae-402f-9d45-99576a1a9199.tmp.16.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: de.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=de&category=theme81https://myactivity.google.com/myactivity/?u
Source: de.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=deStrg$1
Source: es.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=es&category=theme81https://myactivity.google.com/myactivity/?u
Source: es.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=esCtrl$1
Source: lv.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=lv&category=theme81https://myactivity.google.com/myactivity/?u
Source: lv.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=lvCtrl$1
Source: te.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=te&category=theme81https://myactivity.google.com/myactivity/?u
Source: te.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=teCtrl$1
Source: zh-TW.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TW&category=theme81https://myactivity.google.com/myactivity
Source: zh-TW.pak.3.dr	String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TWCtrl$1
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: explorer.exe, 0000000A.00000000.1737742466.000000000C091000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: fa-v4compatibility.ttf0.3.dr	String found in binary or memory: https://fontawesome.comCopyright
Source: Update.exe	String found in binary or memory: https://github.com/myuser/myrepo
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1c9Jin.img
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
Source: explorer.exe, 0000000A.00000000.1739095685.000000000C4A2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ja.c
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://myactivity.google.com/
Source: explorer.exe, 0000000A.00000000.1737742466.000000000C091000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com
Source: te.pak.3.dr, zh-TW.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://passwords.google.comGoogle
Source: de.pak.3.dr	String found in binary or memory: https://passwords.google.comGoogle-KontoF
Source: es.pak.3.dr	String found in binary or memory: https://passwords.google.comcuenta
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://policies.google.com/
Source: explorer.exe, 0000000A.00000000.1737742466.000000000C091000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.com
Source: Update.exe, 00000008.00000002.1731219768.000000000358F000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000008.00000002.1731219768.000000000357D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/electron/electron/main/shell/browser/resources/win/electron.ico
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: es.pak.3.dr	String found in binary or memory: https://support.google.com/chrome/answer/6098869?hl=es
Source: de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr	String found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 0000000A.00000000.1732375976.00000000090F2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/
Source: explorer.exe, 0000000A.00000000.1737742466.000000000C091000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: de.pak.3.dr	String found in binary or memory: https://www.beispiel.de
Source: te.pak.3.dr, zh-TW.pak.3.dr	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: de.pak.3.dr	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html&HilfeVon
Source: es.pak.3.dr	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlAy&udaGestionado
Source: lv.pak.3.dr	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlP&al
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-it
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/music/news/6-rock-ballads-that-tug-at-the-heartstrings/ar-AA1hIdsm
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/kinzinger-has-theory-about-who-next-house-speaker-will-be/vi
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch-
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-world
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/accuweather-el-ni
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/here-s-who-could-see-above-average-snowfall-this-winter
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINt
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071FC000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 0000000A.00000000.1726162870.00000000071B2000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.pollensense.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown

HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.7:49711 version: TLS 1.2

System Summary

Drops large PE files

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File dump: kf-dcp-download.exe.3.dr 166228480

Jump to dropped file

Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Code function: 8_2_00007FFAAB6B0F18	8_2_00007FFAAB6B0F18
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Code function: 8_2_00007FFAAB6BA6D9	8_2_00007FFAAB6BA6D9
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Code function: 8_2_00007FFAAB6C1B3C	8_2_00007FFAAB6C1B3C
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Code function: 8_2_00007FFAAB6B0F25	8_2_00007FFAAB6B0F25
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Code function: 8_2_00007FFAAB6B564D	8_2_00007FFAAB6B564D

Source: kf-dcp-download-setup.exe

Static PE information: Resource name: DATA type: Zip archive data, at least v2.0 to extract, compression method=deflate

Source: libEGL.dll.3.dr	Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.3.dr	Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.3.dr	Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.3.dr	Static PE information: Number of sections : 11 > 10
Source: kf-dcp-download.exe.3.dr	Static PE information: Number of sections : 15 > 10

Source: kf-dcp-download-setup.exe, 00000000.00000000.1433951389.0000000006D93000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSetup.exeZ vs kf-dcp-download-setup.exe
Source: kf-dcp-download-setup.exe, 00000002.00000000.1456992067.0000000006D93000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSetup.exeZ vs kf-dcp-download-setup.exe

Source: kf-dcp-download-setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal52.troj.winEXE@26/203@5/3

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\kf_dcp_download

Jump to behavior

Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe

Mutant created: NULL

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\Temp\.squirrel-lock-B073BAE3041401F35EA8663186E85F671198816D

Jump to behavior

Source: kf-dcp-download-setup.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: kf-dcp-download-setup.exe	String found in binary or memory: DeploymentTool.exe\need dictionaryinvalid literal/length codeinvalid distance codeinvalid block typeinvalid stored block lengthstoo many length or distance symbolsinvalid bit length repeatoversubscribed dynamic bit lengths treeincomplete dynamic bit lengths treeoversubscribed literal/length treeincomplete literal/length treeoversubscribed distance treeincomplete distance treeempty distance tree with lengthsunknown compression methodinvalid window sizeincorrect header checkincorrect data check\..\\..//..//..\UT%s%s%s%s%sOpen Setup LogCloseInstallation has failedSquirrelSQUIRREL_TEMP%s%s\%sUnable to write to %s - IT policies may be restricting access to this folder\SquirrelTemp%s\SquirrelSetup.logDATAUpdate.exe"%s" --install . %sThere was an error while installing the application. Check the setup log for more information and contact the author.Failed to extract installervector<T> too longi
Source: Update.exe	String found in binary or memory: b=\|baseUrl={Provides a base URL to prefix the RELEASES file packages with-a=\|process-start-args=iArguments that will be used when starting executable-l=\|shortcut-locations=
Source: Update.exe	String found in binary or memory: ((?=^[ ]{{0,{0}}}[^ \t\n])\|\Z) # Lookahead for non-space at line-start, or end of doc
Source: Update.exe	String found in binary or memory: onError%Downloading file: 1Failed downloading URL: #Downloading url: 1Failed to download url: !squirrel-install3Starting automatic update7Failed to check for updates5Failed to download updates/Failed to apply updates9Failed to set up uninstaller){0} {1}{2} {3} # {4}
Source: Update.exe	String found in binary or memory: Scanning {0}mIgnoring {0} as the target framework is not compatible%Writing {0} to {1}UCouldn't find file for package in {1}: {0}%--squirrel-install%--squirrel-updated'--squirrel-obsolete)--squirrel-uninstall'--squirrel-firstrunAFailed to handle Squirrel events[\StringFileInfo\040904B0\SquirrelAwareVersion)SquirrelAwareVersion;Failed to promote Tray icon:
Source: Update.exe	String found in binary or memory: ..\Update.exegUpdate.exe not found, not a Squirrel-installed app?
Source: Update.exe	String found in binary or memory: update.MNo release to install, running the appIFailed to install package to app dirIFailed to update local releases file;Failed to invoke post-install;Starting fixPinnedExecutables)Fixing up tray icons
Source: Update.exe	String found in binary or memory: -delta.nupkg$iCannot apply combinations of delta and full packagesQCouldn't run Squirrel hook, continuing: ---squirrel-updated {0}---squirrel-install {0}9Squirrel Enabled Apps: [{0}]wNo apps are marked as Squirrel-aware! Going to run them all-Failed to delete key: /--squirrel-obsolete {0}7Couldn't delete directory: QCoudln't run Squirrel hook, continuing: WcleanDeadVersions: checking for version {0}kcleanDeadVersions: exclude current version folder {0}ccleanDeadVersions: exclude new version folder {0}

Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: msctfui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: msspellcheckingfacility.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: directmanipulation.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: msspellcheckingfacility.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d12core.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: dxilconv.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: d3dscache.dll
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Section loaded: twinapi.appcore.dll

Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32

Jump to behavior

Source: kf-dcp-download.lnk.8.dr	LNK file: ..\..\..\..\..\..\Local\kf_dcp_download\kf-dcp-download.exe
Source: kf-dcp-download.lnk0.8.dr	LNK file: ..\AppData\Local\kf_dcp_download\kf-dcp-download.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\kf_dcp_download

Jump to behavior

Source: kf-dcp-download-setup.exe

Static file information: File size 103888384 > 1048576

Source: kf-dcp-download-setup.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x62e8800

Source: kf-dcp-download-setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: kf-dcp-download-setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: kf-dcp-download-setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: kf-dcp-download-setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: kf-dcp-download-setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: kf-dcp-download-setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: kf-dcp-download-setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: kf-dcp-download-setup.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: netstandard.pdb.mdb source: Update.exe
Source:	Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: kf-dcp-download-setup.exe
Source:	Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: vulkan-1.dll.3.dr

Source: kf-dcp-download-setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: kf-dcp-download-setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: kf-dcp-download-setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: kf-dcp-download-setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: kf-dcp-download-setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: ffmpeg.dll.3.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.3.dr	Static PE information: section name: .gxfg
Source: ffmpeg.dll.3.dr	Static PE information: section name: .retplne
Source: ffmpeg.dll.3.dr	Static PE information: section name: _RDATA
Source: kf-dcp-download.exe.3.dr	Static PE information: section name: .00cfg
Source: kf-dcp-download.exe.3.dr	Static PE information: section name: .gxfg
Source: kf-dcp-download.exe.3.dr	Static PE information: section name: .retplne
Source: kf-dcp-download.exe.3.dr	Static PE information: section name: .rodata
Source: kf-dcp-download.exe.3.dr	Static PE information: section name: CPADinfo
Source: kf-dcp-download.exe.3.dr	Static PE information: section name: LZMADEC
Source: kf-dcp-download.exe.3.dr	Static PE information: section name: _RDATA
Source: kf-dcp-download.exe.3.dr	Static PE information: section name: malloc_h
Source: libEGL.dll.3.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.3.dr	Static PE information: section name: .gxfg
Source: libEGL.dll.3.dr	Static PE information: section name: .retplne
Source: libEGL.dll.3.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.3.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.3.dr	Static PE information: section name: .gxfg
Source: libGLESv2.dll.3.dr	Static PE information: section name: .retplne
Source: libGLESv2.dll.3.dr	Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.3.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.3.dr	Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.3.dr	Static PE information: section name: .retplne
Source: vk_swiftshader.dll.3.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.3.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.3.dr	Static PE information: section name: .gxfg
Source: vulkan-1.dll.3.dr	Static PE information: section name: .retplne
Source: vulkan-1.dll.3.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Code function: 8_2_00007FFAAB6B00AD pushad ; iretd		8_2_00007FFAAB6B00C1
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Code function: 8_2_00007FFAAB6C29D1 pushad ; ret		8_2_00007FFAAB6C2A34

Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	File created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\kf-dcp-download.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\libGLESv2.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\main\index.js.LICENSE.txt			Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\renderer\main_window\index.js.LICENSE.txt			Jump to behavior

Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kinofreund eG			Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\kinofreund eG\kf-dcp-download.lnk			Jump to behavior

Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe

Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Memory allocated: 22D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Memory allocated: 1A500000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Memory allocated: 970000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Memory allocated: 1A750000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Memory allocated: 1630000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Memory allocated: 1B3D0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe

Code function: 8_2_00007FFAAB6BC6A0 rdtsc

8_2_00007FFAAB6BC6A0

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Window / User API: threadDelayed 2389	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Window / User API: threadDelayed 4273	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 634	Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\kf_dcp_download\kf-dcp-download.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\libGLESv2.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 2796	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 360	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe TID: 7348	Thread sleep count: 198 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe TID: 7348	Thread sleep count: 299 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe TID: 5688	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe TID: 3956	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Roaming\kf-dcp-download\Code Cache\js FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Roaming\kf-dcp-download\Code Cache\wasm FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Roaming\kf-dcp-download\blob_storage\2d1e4f6f-81cc-4967-9c45-be2e6a1d82fd FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Roaming\kf-dcp-download\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Roaming\kf-dcp-download\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Roaming\kf-dcp-download\blob_storage\7c0cec91-c21e-4de2-96de-2e306aab7628 FullSizeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Roaming\kf-dcp-download\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0 FullSizeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0 FullSizeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File Volume queried: C:\Users\user FullSizeInformation

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData\Local\kf_dcp_download	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	File opened: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources	Jump to behavior

Source: explorer.exe, 0000000A.00000000.1720736010.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000I
Source: explorer.exe, 0000000A.00000000.1724645625.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 0000000A.00000000.1724645625.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.NoneVMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9dVMware20,1
Source: explorer.exe, 0000000A.00000000.1724645625.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
Source: explorer.exe, 0000000A.00000000.1724645625.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: explorer.exe, 0000000A.00000000.1726162870.0000000007306000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_xU1
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000I}~"
Source: explorer.exe, 0000000A.00000000.1732375976.0000000009052000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000}io
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWystem32\DriverStore\en-US\machine.inf_loc5
Source: explorer.exe, 0000000A.00000000.1724645625.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware20,1
Source: explorer.exe, 0000000A.00000000.1724645625.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMWare
Source: explorer.exe, 0000000A.00000000.1732375976.0000000009052000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000'
Source: explorer.exe, 0000000A.00000000.1726162870.0000000007306000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008F27000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWT`
Source: explorer.exe, 0000000A.00000000.1724645625.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SVGA IIES1371
Source: explorer.exe, 0000000A.00000000.1724645625.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware Virtual RAM
Source: explorer.exe, 0000000A.00000000.1724645625.0000000003249000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: explorer.exe, 0000000A.00000000.1720736010.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 0000000A.00000000.1732375976.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 0000000A.00000000.1720736010.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe

Code function: 8_2_00007FFAAB6BC6A0 rdtsc

8_2_00007FFAAB6BC6A0

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --squirrel-install 1.3.0	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --squirrel-firstrun	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe C:\Users\user\AppData\Local\kf_dcp_download\Update.exe --createShortcut=kf-dcp-download.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1752 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --mojo-platform-channel-handle=1984 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491015471 --launch-time-ticks=5222037415 --mojo-platform-channel-handle=1992 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1644 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --mojo-platform-channel-handle=3032 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491017396 --launch-time-ticks=5227685027 --mojo-platform-channel-handle=3124 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2512 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1752 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --mojo-platform-channel-handle=1984 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491015471 --launch-time-ticks=5222037415 --mojo-platform-channel-handle=1992 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:1
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1644 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --mojo-platform-channel-handle=3032 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491017396 --launch-time-ticks=5227685027 --mojo-platform-channel-handle=3124 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:1
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --gpu-preferences=waaaaaaaaadoaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaabeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=2512 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1752 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --mojo-platform-channel-handle=1984 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491015471 --launch-time-ticks=5222037415 --mojo-platform-channel-handle=1992 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1644 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --mojo-platform-channel-handle=3032 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491017396 --launch-time-ticks=5227685027 --mojo-platform-channel-handle=3124 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:1
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "c:\users\user\appdata\local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\kf-dcp-download" --gpu-preferences=waaaaaaaaadoaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaabeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=2512 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2

Source: explorer.exe, 0000000A.00000000.1732375976.0000000009013000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000A.00000000.1724006099.0000000001441000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000A.00000000.1725915589.0000000004880000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000000A.00000000.1724006099.0000000001441000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 0000000A.00000000.1724006099.0000000001441000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: ?Program Manager
Source: explorer.exe, 0000000A.00000000.1720736010.0000000000C59000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman
Source: explorer.exe, 0000000A.00000000.1724006099.0000000001441000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\background.gif VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\setupIcon.ico VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\background.gif VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\package.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\package.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\main VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\main\index.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\main\index.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Roaming\kf-dcp-download VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\renderer\assets\img\icon.png VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0 VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\main VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\main\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\main VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\main\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Roaming\kf-dcp-download VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Roaming\kf-dcp-download\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app\.webpack\renderer\assets\img\icon.png VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Roaming\kf-dcp-download\Preferences VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Roaming\kf-dcp-download VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Roaming\kf-dcp-download VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Roaming\kf-dcp-download VolumeInformation
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Queries volume information: C:\Users\user\AppData\Roaming\kf-dcp-download VolumeInformation

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	12 Process Injection	1 Disable or Modify Tools	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	31 Virtualization/Sandbox Evasion	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	12 Process Injection	NTDS	31 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 Remote System Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	2 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	23 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
kf-dcp-download-setup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Source: unknown	Process created: C:\Users\user\Desktop\kf-dcp-download-setup.exe "C:\Users\user\Desktop\kf-dcp-download-setup.exe"
Source: unknown	Process created: C:\Users\user\Desktop\kf-dcp-download-setup.exe "C:\Users\user\Desktop\kf-dcp-download-setup.exe" --rerunningWithoutUAC
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --squirrel-install 1.3.0
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe C:\Users\user\AppData\Local\kf_dcp_download\Update.exe --createShortcut=kf-dcp-download.exe
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1752 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --mojo-platform-channel-handle=1984 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491015471 --launch-time-ticks=5222037415 --mojo-platform-channel-handle=1992 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --squirrel-firstrun
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1644 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --mojo-platform-channel-handle=3032 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491017396 --launch-time-ticks=5227685027 --mojo-platform-channel-handle=3124 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2512 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\Desktop\kf-dcp-download-setup.exe	Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\squirrel.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --squirrel-install 1.3.0	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --squirrel-firstrun	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\Update.exe C:\Users\user\AppData\Local\kf_dcp_download\Update.exe --createShortcut=kf-dcp-download.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1752 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --mojo-platform-channel-handle=1984 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491015471 --launch-time-ticks=5222037415 --mojo-platform-channel-handle=1992 --field-trial-handle=1764,i,7524994637061815144,9362278005450573575,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1644 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --mojo-platform-channel-handle=3032 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --app-user-model-id=com.squirrel.kf_dcp_download.kf-dcp-download --app-path="C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\resources\app" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1738220491017396 --launch-time-ticks=5227685027 --mojo-platform-channel-handle=3124 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Source: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe	Process created: C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe "C:\Users\user\AppData\Local\kf_dcp_download\app-1.3.0\kf-dcp-download.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\kf-dcp-download" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2512 --field-trial-handle=1648,i,16275166058992291970,2529506071001633209,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report kf-dcp-download-setup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
kf-dcp-download-setup.exe