Windows Analysis Report
Boku no Hero Academia 6th Season - Episode 13.exe

Overview

General Information

Sample Name:Boku no Hero Academia 6th Season - Episode 13.exe
Analysis ID:776910
MD5:71eabe2172181c2e4517c30c22cb6d12
SHA1:caaa052ae05d6032d8361e61fa22a686c6b5a392
SHA256:147e1b5a750fbfd8863449d523e3d6d110defceb74ad9cdb7c939ab75ffa2180
Infos:

Detection

Score:26
Range:0 - 100
Whitelisted:false
Confidence:0%

Compliance

Score:36
Range:0 - 100

Signatures

Uses cmd line tools excessively to alter registry or file data
Obfuscated command line found
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Deletes files inside the Windows folder
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Creates processes with suspicious names
Found dropped PE file which has not been started or loaded
Uses the system / local time for branch decision (may execute only at specific dates)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Is looking for software installed on the system
PE file does not import any functions
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Uses reg.exe to modify the Windows registry
Checks for available system drives (often done to infect USB drives)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample searches for specific file, try point organization specific fake files to the analysis machine
  • System is w10x64
  • Boku no Hero Academia 6th Season - Episode 13.exe (PID: 5216 cmdline: C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe MD5: 71EABE2172181C2E4517C30C22CB6D12)
    • Boku no Hero Academia 6th Season - Episode 13.tmp (PID: 5512 cmdline: "C:\Users\user\AppData\Local\Temp\is-4VP2B.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$30408,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" MD5: F16A37D7AF3DB8C75F19AF9B3453D9C8)
      • Boku no Hero Academia 6th Season - Episode 13.exe (PID: 5204 cmdline: "C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT MD5: 71EABE2172181C2E4517C30C22CB6D12)
        • Boku no Hero Academia 6th Season - Episode 13.tmp (PID: 2632 cmdline: "C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp" /SL5="$2040C,24635135,780800,C:\Users\user\Desktop\Boku no Hero Academia 6th Season - Episode 13.exe" /SILENT MD5: F16A37D7AF3DB8C75F19AF9B3453D9C8)
          • VC_redist.x64.exe (PID: 1972 cmdline: "C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" /install /quiet MD5: 703BD677778F2A1BA1EB4338BAC3B868)
            • VC_redist.x64.exe (PID: 5372 cmdline: "C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=628 /install /quiet MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
              • VC_redist.x64.exe (PID: 5468 cmdline: "C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{E9871BE9-995B-4EFF-BA27-126D1FC36700} {ED4F63C9-39F6-4A7D-A76D-4B8F059F42ED} 5372 MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
                • VC_redist.x64.exe (PID: 5280 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
                  • VC_redist.x64.exe (PID: 2140 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1008 -burn.embedded BurnPipe.{652D427C-3FCF-4F57-9B0A-0FFBCA2578FC} {CF7111B3-FF83-47BF-A56D-0E99B89A84C1} 5468 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
                    • VC_redist.x64.exe (PID: 4548 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{DC57C196-DCD2-4148-818F-F83AAF0E5C46} {63FE371D-956D-4D2B-988F-00929D1EE668} 2140 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
          • InstallExtension.exe (PID: 1580 cmdline: "C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe" install MD5: 6B435C6EA00DA06603EA9927D489AB6A)
            • cmd.exe (PID: 5816 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
              • conhost.exe (PID: 5844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
              • schtasks.exe (PID: 5912 cmdline: schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
          • cmd.exe (PID: 5928 cmdline: C:\Windows\system32\cmd.exe" /C ""C:\Users\user\AppData\Local\WindowsApp\reg.bat" install MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
            • conhost.exe (PID: 5872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • schtasks.exe (PID: 6036 cmdline: schtasks.exe /Create /XML "C:\Users\user\AppData\Local\WindowsApp\reg.xml" /tn GoogleUpdate MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
  • msiexec.exe (PID: 1092 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 4767B71A318E201188A0D0A420C8B608)
  • VC_redist.x64.exe (PID: 1272 cmdline: "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /burn.runonce MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
    • VC_redist.x64.exe (PID: 4668 cmdline: "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" /quiet /burn.log.append "C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log" /install MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
      • VC_redist.x64.exe (PID: 3732 cmdline: "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -burn.filehandle.attached=588 -burn.filehandle.self=564 /quiet /burn.log.append "C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20230102153454.log" /install MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
        • VC_redist.x64.exe (PID: 1324 cmdline: "C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{9F679354-B01C-4132-8C3B-9D0B8BAD9686} {7ADE5D70-631D-453D-B602-70E5C1B36EAF} 3732 MD5: 848DA6B57CB8ACC151A8D64D15BA383D)
          • VC_redist.x64.exe (PID: 4544 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
            • VC_redist.x64.exe (PID: 4008 cmdline: "C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=572 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=900 -burn.embedded BurnPipe.{8ADE75BE-8C64-4D11-B05A-A6C78AECD63F} {6EE058D7-D097-43E8-87F0-A357D97D5238} 1324 MD5: CAA6E1DCAE648CE17BC57A5B7D383CC8)
  • InstallExtension.exe (PID: 5852 cmdline: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe MD5: 6B435C6EA00DA06603EA9927D489AB6A)
    • cmd.exe (PID: 6092 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\WindowsApp\chrome.bat" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 6096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • reg.exe (PID: 5392 cmdline: REG DELETE HKLM\SOFTWARE\Policies\Google\Chrome /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 4396 cmdline: REG DELETE HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 5428 cmdline: REG DELETE HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 5416 cmdline: REG ADD "HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d dbffglanhdhedkjkijpkplhpcdndpchj /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 2040 cmdline: REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "path" /t REG_SZ /d "C:\Users\user\AppData\Local\WindowsApp\apps-helper\apps.crx" /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • reg.exe (PID: 4528 cmdline: REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\dbffglanhdhedkjkijpkplhpcdndpchj" /v "version" /t REG_SZ /d 1.0 /f MD5: E3DACF0B31841FA02064B4457D44B357)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe | Code function: 4_2_00029EB7 DecryptFileW,4_2_00029EB7
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe | Code function: 4_2_0004F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,4_2_0004F961
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe | Code function: 4_2_00029C99 DecryptFileW,DecryptFileW,4_2_00029C99
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | Code function: 5_2_000C9EB7 DecryptFileW,5_2_000C9EB7
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | Code function: 5_2_000EF961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,5_2_000EF961
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | Code function: 5_2_000C9C99 DecryptFileW,DecryptFileW,5_2_000C9C99
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: edputil.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: PROPSYS.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: SspiCli.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: MSVCP140.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: iertutil.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: VCRUNTIME140_1.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: urlmon.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: CRYPTBASE.DLL
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: CLDAPI.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: VCRUNTIME140.dll

Compliance

Source: Boku no Hero Academia 6th Season - Episode 13.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: edputil.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: PROPSYS.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: SspiCli.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: MSVCP140.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: iertutil.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: VCRUNTIME140_1.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: urlmon.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: CRYPTBASE.DLL
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: CLDAPI.dll
Source: C:\Users\user\AppData\Local\WindowsApp\InstallExtension.exe | DLL: VCRUNTIME140.dll
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1028\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1029\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1031\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1036\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1040\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1041\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1042\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1045\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1046\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1049\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\1055\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\2052\license.rtf
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe | File created: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe | File created: C:\Users\user\AppData\Local\Temp\{9B8C7EDA-2539-42FC-9E66-AE939366FE45}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{36CC976F-BDDA-47B0-BB5A-7568B395BA2A}\.ba\3082\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\VC_redist.x64.exe | File created: C:\Windows\Temp\{7B1AA818-8405-4B0F-ACAF-0273ABC8852E}\.ba\3082\license.rtf
Source: C:\Windows\System32\msiexec.exe | Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF4C347D-954E-4543-88D2-EC17F07F466F}
Source: C:\Users\user\AppData\Local\Temp\is-4N7PP.tmp\Boku no Hero Academia 6th Season - Episode 13.tmp | Directory created: C:\Program Files\Installer
Source: Boku no Hero Academia 6th Season - Episode 13.exe | Static PE information: certificate valid
Source: Boku no Hero Academia 6th Season - Episode 13.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: VC_redist.x64.exe, 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp, VC_redist.x64.exe, 00000004.00000000.270201080.000000000005B000.00000002.00000001.01000000.00000008.sdmp, VC_redist.x64.exe, 00000005.00000000.271727251.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x64.exe, 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x64.exe, 00000007.00000000.285438279.0000000000EBB000.00000002.00000001.01000000.0000000D.sdmp, VC_redist.x64.exe, 00000007.00000002.368408492.0000000000EBB000.00000002.00000001.01000000.0000000D.sdmp, VC_redist.x64.exe, 00000010.00000002.324092324.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000010.00000000.318798304.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000011.00000002.375653352.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000011.00000000.322751737.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000012.00000002.373692696.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000012.00000000.324242625.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000013.00000002.366393157.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 00000014.00000002.363516573.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 00000019.00000002.371119144.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000019.00000000.348409137.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 0000001B.00000002.368331825.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 0000001C.00000002.366244549.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 0000001D.00000002.356595702.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe.5.dr, VC_redist.x64.exe.7.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: msvcp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFCM140U.amd64.pdb source: mfcm140u.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: msvcp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdb source: vcamp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140DEU.amd64.pdb source: mfc140deu.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ENU.amd64.pdb source: mfc140enu.dll.15.dr
Source: Binary string: C:\Users\dsaxc\Desktop\InstallExtension\x64\Release\InstallExtension.pdb source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.392947585.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, InstallExtension.exe, 0000001E.00000000.378319985.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 0000001E.00000002.382242447.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000000.382129606.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000002.387277253.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, is-NDGJF.tmp.3.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb source: concrt140.dll.15.dr
Source: Binary string: C:\Users\dsaxc\Desktop\InstallExtension\x64\Release\InstallExtension.pdb%% source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000003.392947585.0000000004EA0000.00000004.00001000.00020000.00000000.sdmp, InstallExtension.exe, 0000001E.00000000.378319985.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 0000001E.00000002.382242447.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000000.382129606.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, InstallExtension.exe, 00000022.00000002.387277253.00007FF6C2DF7000.00000002.00000001.01000000.00000015.sdmp, is-NDGJF.tmp.3.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdbGCTL source: msvcp140_atomic_wait.dll.15.dr
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\WixStdBA.pdb source: wixstdba.dll.5.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: msvcp140_atomic_wait.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: msvcp140_2.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140JPN.amd64.pdb source: mfc140jpn.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcamp140.amd64.pdbGCTL source: vcamp140.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdbGCTL source: msvcp140_2.dll.15.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdbGCTL source: concrt140.dll.15.dr
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\WixDepCA.pdb source: vcRuntimeAdditional_x64.5.dr, 3cd711.msi.15.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\cmd.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_00013BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,4_2_00013BC3
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_00054315 FindFirstFileW,FindClose,4_2_00054315
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_0002993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,4_2_0002993E
Source: C:\Users\user\AppData\Local\Temp\is-8STSI.tmp\VC_redist.x64.exe Code function: 4_2_00047A87 FindFirstFileExW,4_2_00047A87
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe Code function: 5_2_000F4315 FindFirstFileW,FindClose,5_2_000F4315
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe Code function: 5_2_000C993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,5_2_000C993E
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe Code function: 5_2_000B3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,5_2_000B3BC3
Source: C:\Windows\Temp\{22FC44A3-9D0C-4078-AD49-1FDAE23A881A}\.cr\VC_redist.x64.exe Code function: 5_2_000E7A87 FindFirstFileExW,5_2_000E7A87
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages
Source: C:\Windows\Temp\{52175C1E-180F-452E-83F2-4EF07DAE0BCF}\.be\VC_redist.x64.exe File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL
Source: VC_redist.x64.exe String found in binary or memory: http://appsyndication.org/2006/appsyn
Source: VC_redist.x64.exe, 00000004.00000002.377084608.000000000005B000.00000002.00000001.01000000.00000008.sdmp, VC_redist.x64.exe, 00000004.00000000.270201080.000000000005B000.00000002.00000001.01000000.00000008.sdmp, VC_redist.x64.exe, 00000005.00000000.271727251.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x64.exe, 00000005.00000002.374381326.00000000000FB000.00000002.00000001.01000000.0000000A.sdmp, VC_redist.x64.exe, 00000007.00000000.285438279.0000000000EBB000.00000002.00000001.01000000.0000000D.sdmp, VC_redist.x64.exe, 00000007.00000002.368408492.0000000000EBB000.00000002.00000001.01000000.0000000D.sdmp, VC_redist.x64.exe, 00000010.00000002.324092324.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000010.00000000.318798304.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000011.00000002.375653352.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000011.00000000.322751737.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000012.00000002.373692696.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000012.00000000.324242625.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000013.00000002.366393157.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 00000014.00000002.363516573.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 00000019.00000002.371119144.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 00000019.00000000.348409137.0000000000C6B000.00000002.00000001.01000000.00000010.sdmp, VC_redist.x64.exe, 0000001B.00000002.368331825.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 0000001C.00000002.366244549.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe, 0000001D.00000002.356595702.000000000005B000.00000002.00000001.01000000.00000013.sdmp, VC_redist.x64.exe.5.dr, VC_redist.x64.exe.7.dr String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.dr String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Boku no Hero Academia 6th Season - Episode 13.tmp, 00000003.00000002.408510272.000000000018D000.00000004.00000010.00020000.00000000.sdmp, is-NDGJF.tmp.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SH